IT Risk and Security Manager - Re-advertisement at KEMRI Wellcome Trust Research Programme (KWTRP)

Key Responsibilities:

• Ensures KWTRP is least exposed to fraud Losses by implementing technology prevention and detection measures.
• Maintains the data protection process and ensures effective data loss prevention measures and controls are implemented in the organisation.
• Advises on Information Security tools and methods necessary to support the KWTRP’s Information Security Strategy.
• Maintains and enforces the system risk management and Information security risk management framework/methodology.
• Monitors and records IT vulnerability risk register in compliance with the Security Standards, Policies and Architecture.
• Identifies and analyses system vulnerabilities to manage and mitigate risks and use forensic technology to assist in any breach investigation.
• Performs system risk assessment and gap analysis for all technologies, products, services, departments, and vendors.
• Establishes, reviews, and verifies the system risk and Information security risk related policies, standards and procedures documentation.
• Implements the IT Security governance structure, Information Security Policy and Standards in line with minimum baseline security Standards and industry best practices and regulations.
• Promotes and continuously improves Information Security posture of the organisation.
• Communicates with management to ensure support for the information security program.
• Formulates and reports appropriate Technology Security metrics to management.
• Work with ServiceDesk to create an enterprise-wide Information Security education and awareness campaign.

Qualifications:

• A Bachelor of Science in Computing or related degree from a recognized University.
• Possession of MBA or M.Sc. in Computing or related field is an added advantage.
• Must possess at least one internationally recognizable IT security certification such as CISM, CISSP, CISA, CASP, MCSE CEH or Security+. Having more than one certification is an added advantage.
• A minimum of 7 years’ experience in Information Technology, 3 of which must be in Senior IT Security Management with hands on experience in:
  • IT Security governance
  • Cloud IT Security management
  • Software / application and security architectures
  • IPS and vulnerability Testing tools
  • Active Directory management
  • Good understanding of endpoint solutions
  • An understanding of the perimeter security solutions
  • IT Security on O365, operating systems and databases in an heterogenous environment (UNIX, Microsoft, Oracle, SQL, Open source)
  • Wide knowledge of web security architecture.
  • Knowledge and skills on encryption, VPN

Desirable:

• Excellent verbal and written communication skills with technical and non-technical staff, end-users, and senior management.
• Strong teamwork skills to maintain strong working relationships, within and outside IT to develop a results-oriented work environment.
• Excellent follow-up skills to see tasks through to resolution and communicate problem status to end users such as notification of completion, notification of delay, and explaining rationale.
• Excellent analytical solving skills.
• Excellent organizational skills, prioritizing and managing multiple tasks.
• Offer and accept feedback and constructive suggestions.
• Good logical diagnostic skills and ability to exercise good judgement in the resolution of problems.
• Ability to multi-task in dealing with several different problems at a time.
• Ability to work under high pressure, meet deadlines, monitor and follow-up on pending matters under minimum supervision.

Competencies:

• Demonstrated high levels of confidentiality and integrity 
• Excellent interpersonal, written, presentation and communication skills 
• Excellent analytical, problem-solving and critical thinking skills. 
• Strong Management, leadership and decision-making skills 
• Ability to build strong and effective teams,  
• Ability to delegate and motivate teams.