OFFICER – POLICY & IT RISK MANAGEMENT (3 POSITIONS)
Job Summary:
The jobholder is responsible for supporting
the implementation of an Information Security Management System based on ISO 27001
and best practice.
Key Responsibilities
- Implement an Information Security
Management System based on the ISO/IEC 27001 series of standards, including
preparation for certification against ISO/IEC 27001
- Perform gap analysis of information security
standards such as ISO 27001 and create compliance reports for information
security standards such as ISO 27001
- Develop/review IS policies, standards, procedures
and guidelines, in liaison with the stakeholder to obtain appropriate
approvals and feedback for implementation.
- Compliance monitoring and improvement activities
to ensure adherence to internal security policies, procedures, standards
and applicable laws and regulations
- Support departments to manage implementation of
information security management system.
- Prepare materials and conduct information security
awareness, training and educational activities for stakeholders.
- Manage information security risk assessments and
controls selection activities
- Perform testing of internal controls specified in
Information Security Policies and perform internal audit reviews to assess
the effectiveness of current information security controls
- Ensure timely and effective corrective actions are
taken to correct deficiencies and provide status reporting.
- Support the Information Security program including
development, collection, assessment, and reporting of metrics
- Recommend security policy changes and enhancements
as needed
- Conduct mock ISO audits and report on
departments’ preparedness for final audit and certification
- Support ISO 27001 audit and certification
activities
- Day-to-day information security operations, supervision,
reporting, management of performance and development of staff in the
function
Qualifications
- A Bachelor’s degree in Computer Science or related
field from a recognized institution.
- Must have at least one of the following security
certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO
27001/CRISP.
- At least one (1) year related IT security work
experience in a large or busy organization.
Technical Skills Required
- Experience in Information Security Management
System
- Experience in development of policies and
procedures
- Knowledge in Information security risk management
- Experience in Information security awareness
development and training
- Experience in cyber security threat analysis or
incident management
Key Competencies:
- Excellent stakeholder engagement skills
- Analytical mind with problem-solving aptitude
- Excellent listening, communication and
presentation skills
- Reliable and thorough with a deep commitment to
accuracy
- Self-motivated and able to work independently
- A team player
- Ability to prioritize competing work commitments
and deliver on time
How to Apply
Supervisor – Vulnerability Management
Job Summary:
The job holder is responsible for the management of technical
vulnerabilities and implementation of security controls in the organization’s
Business Systems. The role includes carrying out vulnerability assessments,
penetration testing, identifying security gaps, ensuring that the network,
databases, business systems and services comply with the approved policy, best
practice, security requirements and set minimum baseline standards.
Responsibilities
- Review KRA Business systems for technical
vulnerabilities and ensure appropriate safeguards are in place to provide mitigations.
- Coordinate vulnerability assessments, penetration
tests and security reviews on business systems, services and databases using
various tools and personal knowledge.
- Ensure compliance with the approved policy, best
practice, security requirements and set minimum baseline standards for the
business systems.
- Coordinate development of system security
requirements for the various systems at acquisition/development and carry
out security tests on the systems before deployments
- Identify, recommend, and configure suitable tools
to enhance Information systems security.
- Monitor systems and applications for security
issues and vulnerabilities, and recommend remediation including patching,
upgrades and rule updates
- Attend Change Advisory Committee meetings for enhancement
of business operations.
- Ensure compliance with ISO (9001/2015 and
27001/2013), ISMS and data security requirements.
- Day-to-day information security operations,
supervision, reporting, management of performance and development of staff
in the function
Qualifications
- Bachelor’s degree in Computer
Science or IT related field.
- Must have at least one of the following
certifications or training in CEH/CHFI/ECIH/CISSP.
- At least three (3) years related IT security work
experience in a large or busy organization.
Technical Skills Required
- Experience in Vulnerability Assessments and
Penetration testing.
- Experience in digital forensics, cyber security
threat analysis or incident management
- Proficiency in implementation and use of security
testing tools/solutions.
- Broad-based IT experience with technical knowledge
of Network, Virtualization, Hardware, Storage, Operating systems, and
Applications.
- Good command of SQL language.
- Good command of Unix/Linux/Windows
- Knowledge in Information security risk management
- Experience in Information Security Management
System
- Experience in Project Management
Key Competencies:
- Excellent stakeholder engagement skills
- Analytical mind with problem-solving aptitude
- Excellent listening, communication and
presentation skills
- Reliable and thorough with a deep commitment to
accuracy
- Self-motivated and able to work independently
- A team player
- Ability to prioritize competing work commitments
and deliver on time
How to Apply