Senior Information Security Officer at Communications Authority of Kenya

Job Specifications
The duties and responsibilities of the Senior Information Security officer will entail: -

• Participating in the implementation of the Authority’s ICT strategy, plans, policies, procedures, and the information security program;
• Ensuring that information security is incorporated into all aspects of the Business.
• Implementing the security and disaster recovery aspects of the Authority’s ICT Systems;
• Identify, assess, investigate, and remediate security breaches and other cybersecurity incidents;
• Install security measures and operate hardware and software to protect the Authority's Computers, Networks, and Data against threats, such as security breaches, computer malware, Social Engineering, or attacks by cyber-criminals;
• Participate in the maintenance of the ISO/IEC 27001 Certification for the Authority;
• Creating updates and overseeing execution of security assessments and analysis of systems on a daily, weekly, monthly, quarterly, and annual basis;
• Ensure that all Servers and other ICT-related equipment are hardened for compliance and/or industry standards;
• Ensure that all information technology/service diagrams are up to date and appropriately documented;
• Guide the Incident Response Team (IRT) in handling information security incidents;
• Perform routine audits of firewall(s), SIEM and log management, intrusion detection and prevention systems, and content filtering controls;
• Ensure all levels of staff are provided with relevant training and advisory materials on information security matters;
• Participating in testing the Authority’s systems backups and test procedures for the disaster recovery process to ensure continuity of operations;
• Creating patch management plans and upgrades regularly to enhance system hardware and software security in liaison with the System Administration team;
• Monitoring the implementation of ICT System access privileges and matrices, control structures, and proper use of authorized resources;
• Performing technical risks, vulnerability assessments, and penetration tests to ensure internal security controls operate optimally;
• Fixing detected vulnerabilities or any security-related noncompliance gaps in liaison with the System and Network Administration team to maintain a highsecurity standard;
• Participating in the implementation of security improvements by assessing the current situation; evaluating trends and anticipating requirements;
• Conducting assessment on the security of new applications and programs prior to installation or upgrades;
• Participating in the implementation of Quality Assurance (QA) policies, standards and procedures;
• Creating System test plans, requirements, scenarios, and test data for use during testing;
• Creating QA reports and filing Systems bug tickets based on the outcome of QA Test cycles;
• Conducting System post-release/ post-implementation testing;
• Carrying out cross-functional engagement to ensure quality throughout the System development lifecycle.
• Carrying out effective Information Security Related Project management

 Person Specifications

For appointment to this grade, a candidate must: -

• At least four (4) years of relevant work experience in the Public or Private sector
• Bachelor's Degree in any of the following disciplines: - Information Technology, Computer Science, Management Information Systems (MIS), Business IT, Software Engineering, ICT Project Management, Computer Engineering, or any other relevant and equivalent qualification from a recognized Institution;
• At least any one (1) certification from relevant professional bodies in either CCNP, CDCP, CCNA Cloud, CCNA Industrial/IoT, CCNA, MCSE, MCSA, MCSD, N+, A+ OCA, CISSP, Linux+, Network+, Microsoft Certified IT Professional (MCITP), CISA, CISM, CGEIT or other equivalent qualifications from a recognized institution, is an added advantage;
• Supervisory Course lasting not less than two (2) weeks from a recognized institution;
• Shown merit and ability as reflected in work performance and results;
• Fulfilled the requirements of Chapter Six of the Constitution of Kenya 2010

Key Competencies and Skills

• Communication and reporting skills;
• Attention to detail skills;
• Problem-solving and analytical skills;
• Interpersonal and negotiation skills;
• Professionalism; and
• Ethical and integrity