IT Risk And Security Manager at KEMRI Wellcome Trust Research Programme (KWTRP)

Reference Number: ITRSM-25102021
 
JOB PURPOSE: 

To manage the Programme’s IT Security Function. The Information Security Manager serves as the process owner for all ongoing activities that provides appropriate access to systems and protect the confidentiality, integrity and availability of information in the organisation.

Description: 
REPORTING LINES:

1. Head of ICT
2. IT Security Team

BUDGET RESPONSIBILITY: 

1. Influences the management of resources in order to plan, estimate and carry out IT Security function to deliver work on time, within budget and implement quality targets in accordance with appropriate standards.

KEY RESPONSIBILITIES:

1. Ensures KWTRP is least exposed to fraud Losses by implementing technology prevention and detection measures.
2. Maintains the data protection process and ensures effective data loss prevention measures and controls are implemented in the organisation.
3. Advises on Information Security tools and methods necessary to support the KWTRP’s Information Security Strategy.
4. Maintains and enforces the system risk management and Information security risk management framework/methodology.
5. Monitors and records IT vulnerability risk register in compliance with the Security Standards, Policies and Architecture.
6. Identifies and analyses system vulnerabilities to manage and mitigate risks and use forensic technology to assist in any breach investigation.
7. Performs system risk assessment and gap analysis for all technologies, products, services, departments, and vendors.
8. Establishes, reviews, and verifies the system risk and Information security risk related policies, standards and procedures documentation.
9. Implements the IT Security governance structure, Information Security Policy and Standards in line with minimum baseline security Standards and industry best practices and regulations.
10. Promotes and continuously improves Information Security posture of the organization.
11. Communicates with management to ensure support for the information security program.
12. Formulates and reports appropriate Technology Security metrics to management.
13. Work with Servicedesk to create an enterprise-wide Information Security education and awareness campaign.

QUALIFICATIONS:

1. A Bachelor of Science in Computing or related degree from a recognised University.
2. Possession of MBA or M.Sc. in Computing or related field is an added advantage.
3. Must possess at least one internationally recognizable IT security certification such as CISM, CISSP, CISA, CASP, MCSE CEH or Security+. Having more than one certification is an added advantage.
4. A minimum of 7 years’ experience in Information Technology, 3 of which must be in Senior IT Security Management with hands on experience in:
5. IT Security governance
6. Cloud IT Security management
7. Software / application and security architectures
8. IPS and vulnerability Testing tools
9. Active Directory management
10. Good understanding of endpoint solutions
11. An understanding of the perimeter security solutions.
12. IT Security on O365, operating systems and databases in an heterogenous environment (UNIX, Microsoft, Oracle, SQL, Open source).
13. Wide knowledge of web security architecture.
14. Knowledge and skills on encryption, VPN

DESIRABLE:

1. Excellent verbal and written communication skills with technical and non-technical staff, end-users, and senior management.
2. Strong teamwork skills to maintain strong working relationships, within and outside IT to develop a results-oriented work environment.
3. Excellent follow-up skills to see tasks through to resolution and communicate problem status to end users such as notification of completion, notification of delay, and explaining rationale.
4. Excellent analytical solving skills.
5. Excellent organizational skills, prioritizing and managing multiple tasks.
6. Offer and accept feedback and constructive suggestions.
7. Good logical diagnostic skills and ability to exercise good judgement in the resolution of problems.
8. Ability to multi-task in dealing with several different problems at a time.
9. Ability to work under high pressure, meet deadlines, monitor and follow-up on pending matters under minimum supervision.

COMPETENCIES

1. Demonstrated high levels of confidentiality and integrity .
2. Excellent interpersonal, written, presentation and communication skills
3. Excellent analytical, problem-solving and critical thinking skills.
4. Strong Management, leadership and decision-making skills .
5. Ability to build strong and effective teams.
6. Ability to delegate and motivate teams