Chief Information Security Officer at Airtel

Airtel Kenya wishes to recruit for the role of Chief Information Security Officer. The Chief Information Security Officer will be responsible for providing operational support to the IT Director, managing company’s cyber and information technology security risks, ensuring availability, integrity and confidentiality of customer and business information and ensuring compliance to the company’s legal and regulatory requirements.

This role reports to the Information Technology Director. Key responsibilities of the role include and are not limited to;

• Develop and implement Airtel’s cybersecurity policies and programs.
• Ensure compliance to the cyber security policies.
• Maintain a comprehensive cyber asset and user register.
• Ensure that the cybersecurity strategy addresses the needs of the company, taking into account the overall business strategies, risk appepite and ICT risk management policies.
• Design cybersecurity controls with the consideration of  both internal and external users.
• Facilitate proffessional cybersecurity related trainings for staff to improve technical proficiency and awareness for improved cyber hygiene.
• Ensure that there are adequate process for monitoring IT systems to detect cybersecurity incidents in a timely manner.
• Report on the assessment of confidentiality, intergrity ,and availability of the information systems.
• Report on the detailed exceptions on exemptions on policies and procedures.
• Report on the assessment of the effectiveness of the approved cybersecurity program.
• Report on all material cybersecurity events that affect the company during the period.
• Ensure timely update of the incidence reporting mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
• Incorporate the utilization of scenario analysis to consider a material cyber attack, mitigating actions, and identify potential control gaps.
• Ensure adequate back up of IT systems and data in line with the predetermined recovery objectives (e.g. real time back up of changes made to critical data) .
• Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision- making, are clearly defined, documented and communicated to relevant staff.
• Put in place BCP and disaster recovery test plans to ensure that the company can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber crime.
• Assess the overall effectiveness of the cybersecurity program.
• Periodically report on the company’s cybersecurity posture to senior management, Board and audit committees.

 Expected key results

• Implementation of cybersecurity policies and processes across the business
• Implementation and effectiveness of the cybersecurity program
• Turn around time on reporting- monthly, quarterly
• Knowledge transfer and adherance to cybersecurity requirements by internal stakeholders
• Cost Management
• Turn around time on prevention and management.

Qualifications

• 9-12 years’ experience in Risk Management and Information Security Technology in IT/ Telecommunications or Consumer services industry preferred.
• Bachelor’s Degree in Information Technology.
• Master’s in Business Administration or IT Security preferred.
• CISCO courses (CCNA Security, CyberOps etc) and certification and certified ethical hacker.
• Network risk acumen an added advantage

Competencies and behavior

• Strong communication skills
• Strong relationship building and interpersonal skills;
• Strong skills in handling intrusion detection, prevention and firewalls.
• Strong risk identification skills.
• High level of planning and execution skills.
• Strong reporting and analytical skills.

The deadline for applications is 5.00pm on Wednesday 9th October 2019.   

Only shortlisted candidates will be contacted.