Information Security Officer Job Vacancy in Kenya - Mhasibu Sacco

We are a dynamic, well-established Savings and Credit Co-operative Society in the country for all professionals with membership spread globally.

We are seeking to recruit a highly qualified, results-oriented individual for the position of Information Security Officer.

1. Job Title & Reporting

Position Title: Information Security Officer

Reporting: To The ICT Manager

2. Job Purpose

To provide ICT support in the continuous review of the Society’s systems and in recommending mitigation measures against the risks and issues identified, with a view to improving the confidentiality, integrity and availability of the Society’s information and information processing systems.

3. Main Responsibilities

a) Oversee and implement the Society's information security program and enforce the information security policy.

b) Design information security controls with the consideration of users at all levels of the Society, including internal (i.e., management and staff) and external users (i.e., contractors/consultants, business partners and service providers).

c) Organize professional information security-related training to improve the technical proficiency of staff.

d) Ensure that regular and comprehensive information risk assessments are conducted.

e) Ensure that adequate processes and tools are in place for monitoring IT systems to detect information security incidents and events in a timely manner.

f) Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered. Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.

g) Ensure frequent data backups of critical IT systems (e.g., real-time backup of changes made to critical data) are carried out to a separate storage location.

h) Review the Society’s critical systems, and recommend and implement appropriate and adequate IT security controls to mitigate and minimize information security risks.

i) Ensure continuous review of controls in place to identify and close gaps and provide continuous assurance on the security of the Society’s information systems.

j) Ensure consistency in achieving compliance requirements, optimal efficiency, and cost containment regarding information systems security.

k) Ensure robustness of the Society’s information system security and effectiveness of systems (policies, processes, procedures, and tools) in escalating and investigating IS security violations.

l) Adequacy of personal competence to effectively maintain quality assurance for the Society’s information systems security in a manner that consistently meets established standards or benchmarks.

m) Perform continuous reviews of users of systems with emphasis on exits, joiners and internal movements, and take appropriate corrective actions where there are deviations.

n) Liaise with managers to continuously confirm and update the rights and privileges of users in the Society.

o) Perform continuous review of systems, including technical penetration testing and vulnerability assessment of systems and applications.

p) Communicate ICT security findings with management and follow up issues to closure.

q) Perform daily reviews of logs and audit trails of key and critical Society systems as per the program of work.

r) Provide ICT security support for the ICT related projects carried out during the year, ensuring compliance with Society policies and best practice.

s) Carry out an effective information security awareness program in the Society.

t) Keep abreast of the fast-changing information systems exposures/threats and ensure that adequate and up-to-date information systems security measures are in place for the maximum protection of Society information assets.

u) Any other lawful duties that may be assigned from time to time.

4. Knowledge, Skills, and Experience

Minimum level of academic qualification, knowledge required to perform effectively in the role:

a) A Bachelor’s degree in Computer Science or any other ICT related fields.

b) Knowledge of relevant ERP/Systems will be an added advantage.

c) Successful candidates will be required to meet the requirements of Chapter 6 of the Constitution of Kenya by obtaining the necessary documentation.

Minimum level of professional qualification/professional experience required to perform effectively in the role:

a) Professional certification in ICT fields (CISM, CISA or similar certification) is an added advantage.

b) Knowledge in CISCO.

c) Experience in maintenance and security of Microsoft Servers, firewall, ERP and systems.

Minimum months or years of experience required to be appointed to the position:

  • Three (3) years of experience.

Desired Technical & Behavioural Skills:

a) A proven record of dealing with complex projects and meeting conflicting demands.

b) Knowledge of Network monitoring tools, Traffic analysis, and intrusion detection systems.

c) Knowledge of information security management best practices such as ISO 27000.

d) Knowledge of threat and vulnerability analysis, risk assessment, and business impact analysis.

e) Compliance & Risk management.

f) Good knowledge of the market and the Society’s products and services.

g) Knowledgeable with working experience of the relevant ERP/Systems software.

h) Explores places/situations to maximize innovation for the Society.

i) Strong analytical skills.

j) Self-confident and motivated.

k) Excellent communication with strong written and oral skills.

l) Good people, interpersonal and networking skills.

Key Performance Indicators

a) System uptime and system security

b) Effective BCP and DRP systems

c) Compliance with the Data Protection regulations.

d) Seamless process of data accessibility and information awareness.

e) Level of user satisfaction.

How to Apply

Interested candidates for the above opportunity should access more information on the job specifications and apply online by filling in the data form from our website on
www.mhasibusacco.com/careers/Information Security Officer

After filling in the form, applicants should send their detailed curriculum vitae, copies of academic and professional certificates, and relevant testimonials to the email
recruitment@mhasibusacco.com. The deadline for submission of all applications is on or before 12th May 2023 by 5.00 pm.

Kindly note that only shortlisted candidates shall be contacted.

Mhasibu Sacco is an equal opportunity employer.