We are pleased to
announce the following vacancy in the IT Operations / IT Security Department
within the Technology Division.
In keeping with our current business needs, we are looking for a person who meets the criteria indicated below:
System
Security AdministratorIn keeping with our current business needs, we are looking for a person who meets the criteria indicated below:
Ref: TECHNICAL-SSA-FEB 2012
Reporting to the Manager Systems Security; the holder of the position will plan/manage the execution of system Security related tasks within existing & new projects; Implement Security policies, standards and procedures; Provide technical security expertise and support to project teams to ensure the efficient use of systems and tools.
Key Responsibilities
- Security
vulnerability assessments and penetration testing on IT Business Systems,
Data and GSM networks;
- Minimize
and mitigate risks introduced by existing and new information technologies
and services ;
- Advice
on mitigation and resolution to the technical resources;
- Implement
Information Security Policies, Standards, Procedures & & Minimum
Baseline Standards (aka Checklist/Guideline);
- Provide
input to defining compliance and monitoring metrics for system Security;
- Liaise
with Internal & External Auditors in the implementation of System
Security audits to ensure that system audit scope will add value to the
risk management process.
- Assist
Information Custodians with the resolution of system audit findings. Provide
a report detailing resolutions and get sign-offs from the system
custodians;
- Provide
feedback regarding progress made on previous system audits.
- Develop,
maintain, and troubleshoot various system security systems including
Content filters, Antivirus, Network and Host IDS/IPS;
- Ensure
that all new content threats are addressed and Protect the environment
from intrusions/hacks;
- Update
the security technologies by installation of new signatures and patches;
- Information
Security Research - ensure regular updates for all new threats to all
technologies implemented in Safaricom (this includes exploits directed at
GSM specific technologies);
- Design
and advice on Security implementations for all new systems within the
technical division;
- Design
network security in new and existing networks;
- Participate
in all technical projects and provide Security requirements in line with
information security policies and Standard requirements.
- Build a
security in-depth network and ensure the Firewalls, IPS/IDSs, Network authentication
technologies are designed in line with Security best practices.
Minimum Requirements
- Formal
4 year Information Technology Degree from an acknowledged Tertiary
Institution
- Minimum
of 5 years System Security experience – in Penetration testing and
Vulnerability assessments, IDS/Firewalls/VPN administration, Content
filters, Security Scan tools, Network and Systems Administration ;
- Professional
Information Security Qualification: CCSP/CISSP/CISM/CISA;
- Advanced
Networking Competencies: CCNA/CCNP;
- Advanced
understanding of the implementation of ISO27000, PCI DSS & COBIT;
- Experience
in the use of vulnerability assessment tools;
- Experience
in Microsoft & Unix Operating Systems;
- Advanced
understanding of information security technologies such as Firewalls, Host
and Network-based Intrusion Detection Systems, Antivirus, web &
content filtering solutions, Network Access Control etc;
- Analytical
and problem solving skills;
- Must be
highly committed, self- motivated, confident, enthusiastic and have the
ability to perform well under pressure;
- Excellent
communication and Ability to work in a team.
The deadline for application is Wednesday, 7th March 2012.
The Senior Manager – Talent Acquisition
Safaricom Ltd
Nairobi
Via E-mail to hr@safaricom.co.ke