ICT Security Officer at United Nations

Reports to: Head of ICT

Terms: Open ended contract

Job Summary: Reporting to the Head of ICT, the job holder will be responsible for Protecting computer assets by establishing and enforcing system controls and maintaining disaster recovery
preparedness. Enforcing System Security controls as per ICT Policy and internationally recognized standards and best practices.

Main Duties and Responsibilities

• Ensure secure access to information, completeness, accuracy and privacy.
• Enforce ICT Security Policy.
• Monitor systems against breaches, data and income leaks 24-7
• Research, develop, implement, test and review an organization’s information security in order to protect information and prevent unauthorized access
• Assist Risk and Audit team with security related investigations.
• Establish system controls by developing framework for controls and levels of access.
• Ensures authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests.
• Test backups regularly, developing procedures for source code management and disaster preparedness
• Develops security awareness by providing orientation, educational programs, and on-going communication.
• Providing expert, timely, and relevant advice to the Head of ICT about computer system security issues and activities affecting the organization.
• Championing security efforts towards compliance with regulatory standards and best Practice.
• Preparation of reports on continued security status of ICT infrastructure and provide remediation measures where vulnerability exists to ensure no adverse threats/impacts affects the systems availability and security for possible financial loss.
• Supervise the review of technical security assessments of computing environments to identify points of vulnerability, ethical hacking, penetration tests, non-compliance with established Information Security standards and regulations, and recommend mitigation strategies
• Continuously research on emerging threats and vulnerabilities in information security to gain awareness of the latest information security technologies and developments.
• Assess external partners such as vendors’ and contractors’ procedures, processes and security controls to ensure they adequately protect the organization’s business information and transactions.
• Regularly conduct security audits on ICT infrastructure, to assess the strength of its current security arrangements and potential vulnerabilities, make recommendations and follow
• Work with user departments to ensure information technology threats are properly identified, analysed, communicated, investigated and corrective actions taken.
• Develop and maintain a continuous professional development (CPD) program for the staff in the Section in liaison with the Head of ICT and Human Resource.

Qualifications, Knowledge and Skills Required

• Bachelor’s degree in IT/ BBIT / Computer Science or IT related field;
• 5 years of experience practical, proven, hands on experience in IT security from a financial institution including Sacco’s MFIs and Banks;
• Web Applications Security, Network security or equivalent is an added advantage Boot camp (CEH, Ninja Ethical Hacking) with experience is an added advantage.
• IT Security professional qualifications e. CCNA, CCNP, CISSP, CISA/CISM/CEH or other relevant security certifications.
• MCSA /MCSE/ certification
• ITIL foundation level certification
• At least 3 years’ experience in Security/Network administration with strong technical knowledge of database, network and operating systems
• Knowledge of various security methodologies and processes and technical security solutions (firewall and intrusion detection systems).
• Knowledge of TCP/IP Protocols, network analysis, and network/security
• Working knowledge and experience in penetration testing and vulnerability assessments.
• Knowledge of common cybersecurity threats and sources of cybersecurity
• Good understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing.
• Investigation skills, Knowledge and ability to identify information security breaches;
• Ability to establish an information security monitoring system, Programming skills, Cyber Security: Digital forensic, malware analysis