IT Security Officer at The Nairobi Hospital

REF : REF/TNH/ITSO/08/22

Reporting to Head of ICT the successful candidate will be responsible in assessing, resolving and maintaining the Hospital’s applications, infrastructure and network security requirements in order to ensure alignment of IT security with business security needs including reviewing and assessing the Hospital’s applications.

Main Duties & Responsibilities

• Implement, support, maintain and administrate the Hospital’s IT security solutions including application, database, network and infrastructure security controls.
• Ensure that all the Hospital’s IT application systems, IT equipment and hardware and IT network security are regularly upgraded.
• Provide periodic IT Security status reports (daily, weekly, monthly etc.)
• Investigate and report on any IT security breaches and put in place the relevant actions.
• Act as a central point of contact for security issues.
• Assist in performing Business Impact Analysis (BIA);
• Participate in developing, updating, communicating and publishing the Information Security Policy other operational security policies.
• Assist in the development of security controls and security strategies.
• Ensure that the Confidentiality, Integrity and Availability of services are maintained at the levels agreed in the Service Level Agreements (SLAs);
• Ensure that all access to services by external partners and suppliers is subject to contractual agreements and responsibilities (e.g. non-disclosure agreements) and are closely monitored and that all changes to access are assessed for impact on all security aspects; including information security policy and controls;
• Actively identify options for reducing IT security risks within the Hospital.
• Identify and classify IT and information assets and the level of control and protection required for assets based on their classification.
• Perform security risk analysis and risk management in coordination with Risk and IT Service Continuity Management functions.
• Promote awareness of IT security across the Hospital.
• Perform security tests (e.g., network vulnerability tests);
• Provide the Hospital’s staff with the correct IT access and monitor IT access for compliance to the Hospital’s policies.
• Assist in the development and testing of the Hospital’s Disaster Recovery Plans (DRPs);
• Create manage user profiles, adds and deletes access rights and perform related profile maintenance and password control activities.
• Manage network security breaches, providing containment solutions, communications to management, and developing stop-gap methodologies across the Hospital.
• Monitor the Hospital’s IT network data to ensure the prevention of incidents that negatively impact confidentiality, availability, and integrity of the Hospital’s IT network.
• Ensure the security of the Hospital’s infrastructure network including servers (e-mail, print, and backup servers), and other IT infrastructure.
• Investigate and report on any IT network security breaches and put in place the relevant actions.
• Actively identify options for reducing IT network security risks within the Hospital; and
• Any other responsibilities that may be assigned to the job holder by the supervisor from time to time.

Qualifications, Skills & Experience

• Bachelor of Science degree in Computer Science, Software Engineering or any other related field from a recognized institution.
• Professional ICT qualifications such CISSP, CISM, CISA, CRISC is an added advantage.
• Minimum of 3 years’ IT Security experience