Cyber Security Assurance & Compliance Advisor at University of Nairobi Enterprises and Services (UNES)

Contract terms: This is a Short-Term Technical Assistance consultancy position

Remuneration: Daily rates subject to number of days allocated by month

The Cyber Security Assurance & Compliance Advisor will conduct cyber threat and risk analysis of the Digital Health Systems along and across the health data lifecycle. The consultant will perform security research, testing, evaluation and reporting on existing software assets, technology stack, human elements and develop procedures for continuous identification, detection, protection, recovery and reporting of security risks, threats, and breaches while proposing improvement on existing compliance requirements

Roles and Responsibilities

The person will:

1. Work with the Ministry of Health and other stakeholders in the evaluation of the digital health cyber security
2. Review compliance of and alignment of software, hardware and data systems to the country’s laws, regulations, policies, standards and standard operating procedures, and where there is a gap, apply internationally recognized standards and/or regulations.
3. Evaluate digital health interventions by collecting and analyzing data necessary in eliminating risk, performance and capacity issues. The consultant is free to develop his/her own tools for the security architecture review in accordance with the Kenya Health Enterprise Architecture
4. Define and recommend security requirements for computer systems such as, enterprise data networks, servers, desktops, and personal computers including handheld and wearable devices.
5. Review and document the built-in security systems such as software, hardware, and components with a view to recommending strategies for software systems and application, data networks, data centers, stand-alone and interconnected systems
6. Design and document secure procedures that optimize security in new digital health technology services. The consultant will help in optimization of current security test and cybersecurity engineering processes and policies.

Key Deliverables

1. Cyber security landscape analysis and inception report
2. Stakeholder mapping engagement plan
3. Cybersecurity Evaluation Report complete with recommendations and security requirements based on local and or international standards
4. Procedures and principles for routine cybersecurity audits to monitor, identify and react to security risks and threats

Qualifications, Skills and Knowledge Required

1. Bachelor’s Degree in Computer Science with further training or certification in cyber security
2. Three years post qualification, demonstrable hands-on experience in enterprise cybersecurity
3. Demonstrable ability to transfer knowledge to diverse audiences through training, mentoring, and other formal and non-formal methods
4. Demonstrated leadership, ethics, and sound judgement, both independently and as part of a team.
5. Ability to deliver projects within short timeframes
6. Excellent communication, technical writing, management and organizational skills coupled with strong communication skills for high-level audiences
7. Strong interpersonal skills working in a multi-disciplinary and diverse group