IT Security Specialist at KEMRI Wellcome Trust Research Programme (KWTRP)

JOB PURPOSE: 

Maintain and enhance the security policies and standards to ensure all issues of security, risk and performance are fully addressed and to provide Information Security services to the organization

Description: 

Reports to: IT Risk and Security Manager

Key Responsibilities

• Audit and constant monitoring of all systems, internal and external information security infrastructure, including but not limited to Firewalls, Proxy Servers, Anti-Virus, Anti-Malware, Intrusion Detection Software to provide optimum security, performance, and availability.
• Perform vulnerability assessment and penetration testing on KWTRP infrastructure and applications to ensure that they are secure from external or internal hacking attempts.
• Provide technical security reports to the Senior IT Managers and IT Risk and Security Manager.
• Develop IT Security Policies, Minimum Baseline Security Standards in line with industry best practices and technologies, commensurate with risk and regulatory requirements and implementing the same cost effectively.
• Provide technical security related support to new projects from inception through to successful implementation.
• Support the implementation of procedural, operational and technical Security Architecture enhancements.
• Ensure constant monitoring of the environment for security vulnerabilities or breaches.
• Ensure processes and procedures are in place to maintain security and integrity of the Information & Technology environment and that these are adhered to.
• Establish stringent access control management on user account creation, maintenance and termination on operating systems, applications, and databases to ensure information systems security.
• Train users and promote security awareness to ensure system security and to improve server and network efficiency.
• Manage IT Security Incidences, Problems, Events and Service requests, Raising Change Requests to transit resolves to technology problems. Transiting technology products in the Service Portfolio, retiring and replacing them at the end of the lifecycle.
• To carry out project-based work to implement new Security solutions.
• Develops and maintains the patch management process and ensures all patches are in place.
• Updates the IT risk register on a regular basis.
• Updates the IT vulnerability register on a regular basis.
• Provides 1st and 2nd line support for IT Security technical user issues.
• Supports the Disaster recovery and testing plans.
• Provide level 2 and 3 soc analyst support.
• Manage IT security tools such as Vulnerability management, EDR and PAM
• Carry out IT risk assessment on a scheduled basis.
• Provide support in the implementation of information security programs as per strategy requirements.

Job Specification

• A Bachelor of Science in Computing or related degree from a recognised University.
• Internationally recognized IT security certification such as CISM, CISSP, CISA, CASP, ISO 27001 Implementer and or Auditor, MCSE CEH or Security+.
• At least 5 years’ experience in Information Technology, 3 of which must be in IT Security function with hands on experience in the following areas listed below:
• IT risk and Security compliance solutions
• Cloud IT Security applications
• Software / application and security architectures
• IPS and vulnerability Testing tools
• Active Directory management
• Good understanding of endpoint solutions
• Understanding of the perimeter wall solution
• IT security monitoring
• Good understanding of IT security tools such as SIEM, PAM and DAM

Desirable

• IT Security on O365, operating systems and databases in an heterogenous environment (UNIX, Microsoft, Oracle, SQL, Open source)
• Wide knowledge of web security architecture.
• Knowledge and skills on encryption, VPN
• Excellent verbal and written communication skills with technical and non-technical staff, end-users, and senior management.
• Strong teamwork skills to maintain strong working relationships, within and outside IT to develop a results-oriented work environment.
• Excellent follow-up skills to see tasks through to resolution and communicate problem status to end users such as notification of completion, notification of delay, and explaining rationale.
• Excellent analytical solving skills.
• Excellent organizational skills, prioritizing and managing multiple tasks.
• Offer and accept feedback and constructive suggestions.

Competencies:

• Demonstrate high levels of integrity.
• Analytical and problem-solving skills
• Ability to multi-task and stay organized in a dynamic work environment.
• Ability to provide adhoc support to different database environments.
• Strong interpersonal and communications skills, both in writing and oral
• Logical diagnostic skills and ability to exercise good judgement in the resolution of problems.
• Ability to learn new programming languages quickly.
• Ability to write, edit, and debug computer programs to achieve desired output.
• Strong understanding of the software development cycle.
• Good presentation skills.