Head of IT Security at Kenya Airways

The Head of IT Security reports to the Chief Information Officer (CIO) and leads the development and implementation of a comprehensive Cybersecurity program that facilitates information security governance.

In this role, you will be accountable for the specification and delivery of all products, services and materials required to operate best practices of cybersecurity for Kenya Airways. You will also maintain current knowledge of cybersecurity and the changing threat landscape; track new developments in rapidly changing information technologies and implement improvements to all layers of security related to the Kenya Airways’ perimeter, network, endpoints, applications, data, monitoring, incident response, disaster recovery, business continuity, and enterprise risk management.

The position requires a leadership approach that is engaging, imaginative, and collaborative, with the ability to work with other leaders to set the best balance between security strategies, general controls, compliance, and other organizational priorities.

The Role
 

The successful jobholder will be expected to:

• Lead and motivate the IT Security team to help ensure the company continues to operate in a secure, stable, and compliant environment.
• Amend, implement and monitor a comprehensive enterprise data security program to ensure the integrity, availability and control of company, customer, and government information and technical data.
• Lead the development of up-to-date information security policies, procedures, standards and guidelines, and oversee their approval, dissemination, and maintenance.
• Ensure that the Company’s security plan is in compliance with applicable laws, regulations, and contractual requirements. This includes maintaining current knowledge on changing regulations specific to security, identifying appropriate implementation plans, and ensuring requirements are met.
• Responsible to manage the daily operations for IT Vulnerability assessment, Data Leakage, Firewall reviews and providing timely updates, support issues regarding to endpoint’s vulnerability, patch, and security configuration scanning and providing solution recommendations to avoid repeated issues.
• Defining procedures and standards related to the management and resolution of vulnerability, patch, security configuration and other security assurance services.
• Communicate IT security risk through effective engagement with all stakeholders for agile decision making and awareness.
• Provide support, guidance, mentoring and education, to ensure that appropriate monitoring and controls are in place for compliance with established security policies and procedures
  Serve as subject matter expert on security standards, best practices and business aligned best practices.
• Evaluate and implement new technology or process solutions to ensure appropriate security considerations are addressed.
• Create and manage information security and risk management awareness training programs for employees, contractors, vendors and/or clients.
• Facilitate and identify acceptable levels of risk and establish roles and responsibilities with regard to information classification and protection.
• Oversee incident response planning and the investigation of security breaches, review investigations after security incidents, including impact analysis and recommendations for avoiding similar vulnerabilities.
• Work with Internal and External Auditors on security and system access reviews.
• Lead the designing and implementation of IT controls designed to mitigate identified risks and ensure they are monitored for continued effectiveness.
• Lead and manage the implementation of COBIT (Control Objectives for Information Technology).

Qualifications, Skills & Attributes

The successful jobholder will be required to possess the following qualifications: -

• An IT related bachelor’s degree or similar qualifications with relevant IT Security professional qualifications.
• At least 10 years’ experience in similar role in IT Security Services coupled with a strong knowledge of security architectures and technologies including assessment, methodologies, compliance standards etc.
• Solid knowledge of Security standards, IT security regulatory and compliance regulations and standards like PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, CSF, COBIT, ITIL, SANS 20 and so on.
• Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
• Strong leadership, analytical, problem-solving, written, verbal and presentation skills.
• Extensive interpersonal skills with the ability to work effectively with end-users, IT peers, managers and vendors.
• Prior experience working with external auditors and regulators.
• Strong business acumen, people management skills, conflict management & resolution skills, negotiations skills.
• Demonstrated proven success in working in a team as well as independently and exhibit follow-through to understand root causes of issues.
• Strong leadership, analytical, problem-solving, written, verbal and presentation skills.
• This position calls for an individual who exhibits thoughtful introspection but is also able to assess a broad spectrum of issues.