ICT Roles at Church World Service

Primary Purpose

• This position is primarily responsible for the development of software applications to meet the business requirements of CWS RSC Africa, with the emphasis of the position being on the design and development of bespoke applications to meet the specific organizational requirements.
• The Software Developer must apply DevSecOps principles by embedding security into all stages of the software development lifecycle. This includes writing secure code, integrating automated security testing into CI/CD pipelines, collaborating with operations and security teams to ensure compliance, and proactively addressing vulnerabilities before deployment.

Responsibilities Technical Operations and Support (70%)

• Execute the full software development life cycle (SDLC) to build, test, and implement custom applications that drive organizational productivity.
• Maintain and integrate existing custom systems, ensuring seamless data flow and architectural consistency.
• Deploy and configure both cloud-based and on-premises software solutions under the guidance of the Senior Developer.
• Develop comprehensive test plans and documentation to validate software functionality against stakeholder requirements.
• Conduct rigorous unit and functional testing to identify, track, and resolve bugs prior to deployment.
• Require knowledge of secure coding practices, vulnerability management, and integration of security tools into CI/CD pipelines. Implement security controls in alignment with NIST SP 800-53 standards to ensure all developed software meets organizational and regulatory security baselines.
• Collaborate with senior leadership to ensure code integrity and adherence to secure coding practices. Developers must embed automated security checks (static code analysis, dependency scanning, container security) into their workflows.
• Author and update technical documentation, including system architecture diagrams, API specifications, and codebase comments.
• Produce clear, accessible user manuals to assist non-technical staff in navigating new software features.
• Investigate and resolve complex software issues escalated from the service desk, providing timely fixes for internal applications.
• Report project progress and technical roadblocks to the Senior Software Developer to ensure alignment with department goals.

Compliance Management (15%)

• Achieves and maintains a thorough knowledge and adherence to established RSC Africa, CWS/IRP, DOS/PRM and USCIS policies and procedures regarding database management for RSC Africa programs.
• Work closely with operations and security teams to ensure compliance and resilience. Ongoing training in secure development frameworks, emerging threats, and compliance standards is required.

Representation/Engagement (10%)

• Collaborate with cross-functional IT teams to execute complex projects, ensuring software solutions align with broader infrastructure and networking requirements.
• Contribute actionable recommendations to IT management regarding automationopportunities to streamline development workflows and organizational processes.
• Provide operational continuity by assisting with or assuming the responsibilities of peer IT specialists during peak periods or as directed by the Senior Software Developer.

Additional Roles and Responsibilities (5%)

• Any other tasks as assigned by the Software Development Supervisor or IT Management.

Experience Qualifications

• A minimum of 5 years directly related specialized experience performing the essential duties is required.
• Experience in ICT project management preferred.

Skills

• Strong knowledge in the web application development environment with relational databases.
• Strong knowledge in PostgreSQL Database architecture, design and development, including the ability to write complex queries and stored procedures.
• Strong knowledge in PHP using Laravel Framework and JavaScript programming languages.
• Knowledge in Golang programming language is preferred.
• Strong Knowledge in Object Oriented Programming.
• Knowledge of GIT Version Control.
• Strong knowledge in writing unit and functional tests
• Strong Knowledge in essential Windows and Linux system administration is required. Android programming using Kotlin experience a plus.
• Knowledge in Microsoft Azure Architecture is a plus.
• Experience working in a highly regulated environment with compliance requirements is a plus

Abilities

• Interpret written requirements and technical specification documents.
• Manage large and diverse workload under pressure with competing priorities.
• Maintain the integrity of official records.
• Analyze and solve complex problems and make sound decisions.
• Maintain a high-performance standard with attention to detail.

Education & Certifications

• Bachelor’s Degree in IT required.

Important Requirements

• Strong English communication skills, both written and oral.
• Ability to work in a multi-cultural environment required.
• Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
• Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.

Special Requirements

• The candidate should be in good health, willing and able to travel extensively in often difficult conditions and have a high degree of flexibility. Must have proof of Yellow Fever vaccination before traveling for RSC Africa.
• This position is based in Nairobi, Kenya
• This position always requires use of laptops, competence in Microsoft office packages is required.
• This position may require travel in sub-Saharan Africa on short notice and under sometimes difficult conditions to meet demands of a dynamic operational program
• Background check which includes references and an educational and criminal check is required before the start of employment.
• A valid passport and the ability to maintain a valid passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• Physical: This position requires bending, squatting, crawling, climbing, kneeling, sitting, standing, walking, pushing/pulling, handling objects (manual dexterity), reaching above shoulder level, using fine finger movements and lifting/carrying heavy loads.
• Environmental: Incumbents in this position will be exposed to excessive noise, marked changes in temperature and/or humidity, dust and infectious diseases, harsh weather climates, long work hours, bumpy roads, extended travel, excessive sun exposure, and non-ventilated spaces.
• This is a Full-time position.
• All employees should be prepared to work from the CWS office within their location of hire. Remote work arrangements may vary depending on location and the governing rulings based on prevailing context.

go to method of application »

Primary Purpose

• The Project Lead Scrum Master, working closely with the development team and product owner is responsible for coordinating and supporting the smooth running of agile processes, ensuring team productivity, removing obstacles and compliance with operational and administrative policies.
• This role ensures the effective coordination of IT Software Development Team and Program engagement to meet programmatic goals and compliance standards. The Scrum Master leads cross-functional teams, drives process improvements, and serves as the secondary liaison with PRM, USCIS, and other stakeholders for efficient delivery.

​​​​​​​Responsibilities Requirements Specification

• Coordinate stakeholders: invite SMEs to refinement, clarify non‑functional requirements, and resolve conflicting priorities.
• Coach the Product Owner (PO) to own and prioritize the backlog; ensure the PO articulates value, acceptance criteria, and priority.
• Facilitate Backlog Refinement sessions so items become clear, small, and estimable (split epics, define acceptance criteria, surface dependencies).
• Enforce Definition of Ready (DoR) and Definition of Done (DoD) so the team only pulls sprint work that’s actionable and testable.
• Promote testable requirements by encouraging acceptance tests, using relevant scenarios to reduce ambiguity and defects.

Facilitate Scrum Ceremonies

• Plan and run Sprint Planning, Daily Standups, Sprint Review, Sprint Retrospective and Backlog Refinement.
• Run daily unblock huddles; create escalation path; map dependencies; assign owners.
• keep meetings time‑boxed and outcome‑focused.

Coach Team and Stakeholders

• Teach Scrum rules, provide servant‑leadership, and continuous improvement.
• Mentor individuals on collaboration and self‑organization.
• Communicate progress, risks, and dependencies to managers, developers, and business stakeholders.

Protect Team Focus

• Shield team from scope creep, unnecessary meetings, and ad‑hoc requests.
• Help Product Owner prioritize backlog. Help refine backlog, clarify acceptance criteria, and ensure user stories are ready for sprint planning.
• Establishing and tracking relevant metrics.

Remove Impediments

• Identify blockers (technical, organizational, external) and either resolve them or escalate with clear owner and resolution timelines.
• Mediates disagreements and fosters psychological safety.

Track and Report

• Track metrics (velocity, cycle time, sprint predictability, blocked time) and run experiments to improve them.
• Track readiness metrics: percent of sprint backlog meeting DoR at planning; number of rework items due to unclear requirements.
• Stakeholder Management through reporting.

Compliance

• Ensures all functions strictly adhere to the DOS/PRM, USCIS, RPC, CWS Africa policies, guidelines, and procedures.
• Ensures development, implementation, dissemination, monitoring and adherence to Processing Guides for processing of refugees eligible for the US Refugee Admissions Program in sub-Saharan Africa.
• Conducts job function observations to ensure compliance is met and identifies any areas of improvement or training needs.

Stakeholder Engagement and Representation

• Maintains effective relationships with RSC implementing partners, including PRM, IOM, UNHCR, RPC and domestic Resettlement Agencies.
• Ensure professional, timely, and proactive communication with partners.
• Represent CWS/RSC Africa’s values and policies to staff, partners, and applicants.
• Ensure staff professionalism in all external engagements

Additional Responsibilities

• Perform other duties as assigned to enhance program quality and efficiency.

Experience Qualifications

• A minimum of six years’ relevant paid work experience is required with hands‑on coaching and measurable team outcomes.
• Proven experience supporting software teams in Agile / Scrum environments.

Skills

• Strong communication and facilitation skills; experience with Jira, Confluence, or similar
• Strong verbal and written English language skills.
• Demonstrated computer skills, especially Microsoft Word, Excel, Outlook and PowerPoint.
• Excellent organizational and time management skills.

Education & Certifications

• Bachelor’s Degree in IT, Business, or related field, or four (4) additional year’s work experience in lieu of a bachelor’s degree.
• Certified Scrum Master (PSM I/II, CSM certification)

Abilities

• Understands enough of the product/tech stack to remove technical blockers.
• Prioritizes team needs, removes obstacles, protects team focus.
• Runs time‑boxed ceremonies, keeps meetings outcome‑driven.
• Teaches Agile practices, develops team autonomy and PO collaboration.
• Identifies root causes, escalates and coordinates cross‑team fixes.
• Aligns PO, managers, and external stakeholders to the sprint goal.
• Turns retrospectives into measurable experiments.
• Work under pressure with competing priorities
• Analyze and solve complex problems and make sound decisions.
• Work with minimal supervision.
• Maintain a high-performance standard with attention to detail.
• Work independently and contribute to overall operations of CWS Africa.
• Actively participate in the implementation of the U.S. Refugee Admissions Program (USRAP)

Important Requirements

• Strong English communication skills, both written and oral.
• Ability to work in a multi-cultural environment required.
• Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
• Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.

Special Requirements

• The candidate should be in good health, willing and able to travel extensively in often difficult conditions and have a high degree of flexibility. Must have proof of Yellow Fever vaccination before traveling for RSC Africa.
• This position is based in Nairobi in Kenya.
• This position requires use of laptops at all time, competence in Microsoft office packages is required.
• This position may require travel in sub-Saharan Africa on short notice and under sometimes difficult conditions to meet demands of a dynamic operational program.
• Background check which includes references, and an educational and criminal check is required before the start of employment.
• A valid passport and the ability to maintain a valid passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• Environmental: Incumbents in this position will be exposed to excessive noise, marked changes in temperature and/or humidity, dust and infectious diseases, harsh weather climates, long work hours, bumpy roads, extended travel, excessive sun exposure, and non-ventilated spaces.
• The US Embassy rates Kenya as both HIGH in crime and HIGH in terrorism. Incumbents should fully understand the insecurities present within Kenya and the region.
• The position is Full time
• All employees should be prepared to work from the CWS office within their location of hire. Remote work arrangements may vary depending on location and the governing regulations based on prevailing context.

go to method of application »

Primary Purpose

• This position is primarily responsible for assisting with the daily maintenance of the organization’s computer, network systems, service desk management and assisting individual staff with resolving computer software and hardware problems (staff support). The position requires flexibility, initiative, and confidence in dealing with different types of systems and more importantly, different types of people.

Responsibilities IT Service Management (25%)

• Serve as the first point of contact for clients seeking technical assistance over the phone or through the service desk system.
• Perform remote troubleshooting through diagnostic techniques and appropriate questions.
• Direct and escalate unresolved issues to the next level of support personnel.
• Record events, problems, and resolution in the service desk system while providing updates to the clients.
• Provide regular and accurate management reporting on IT Service performance to IT Support Supervisors or IT Manager.
• Prepare and set up IT equipment required by teams working in the field.
• Provide remote or onsite IT support to teams in the field (this involves travelling to remote field processing locations).
• The holder of this position must have an overview of the performance of existing IT systems and propose changes to improve systems efficiency.

Network Administration and Support (20%)

• Administer, monitor, and maintain LAN, WAN, WLAN, and VPN infrastructure to ensure optimal performance and availability.
• Configure and support network devices including routers, switches, firewalls, and wireless access points (e.g., Cisco devices, Meraki).
• Perform network troubleshooting, diagnostics, and root cause analysis to resolve connectivity and performance issues.
• Support installation, configuration, and maintenance of Dedicated Internet Networks (DINs) in field locations.
• Monitor network performance and implement improvements to enhance reliability, security, and efficiency.
• Assist in enforcing network security controls, including firewall policies, access control, and endpoint protection.
• Collaborate with systems administrators on infrastructure integration, upgrades, and capacity planning.
• Maintain accurate documentation of network configurations, topology, and standard operating procedures.
• Apply routine patching, antivirus updates, and assist in enforcing firewall/VPN usage for secure access.
• Implement access controls, monitor traffic, apply patches, and enforce encryption to safeguard systems.
• Maintain failover systems, dual ISP connections, and load balancing to ensure continuous availability.

Compliance (20%)

• Achieves and maintains a thorough knowledge and adherence to established Resettlement Support Center (RSC) Africa, CWS/Immigration Refugee Program, Department of State (DOS)/Bureau of Population, Refugees and Migration (PRM) and US Customs and Immigration Services (CIS) policies and procedures regarding the CWS Africa programs management.
• Works with the systems and network administrators in daily systems monitoring, maintenance, troubleshooting and research to provide guidance to the IT Management and to ensure systems availability.

Collaboration /Engagement (30%)

• Collaborates with and supports the sub office IT staff with their tasks and various projects.
• Working with other IT sub-units’ staff on various projects.
• Works with the IT Support Supervisor in analyzing service desk data to make inferences on training and technological needs.
• Works with the systems and network administrators in daily systems monitoring, maintenance, troubleshooting and research to provide guidance to the IT Management and to ensure systems availability.
• Plans for and delivers IT training to RSC staff in collaboration with the training unit.
• Work closely with IT staff from Partner organizations for remote field IT support.
• Work with external vendors on the installation, setup, and maintenance of Dedicated Internet Networks (DINs) and networking associated tasks in remote processing locations.
• Pass on any feedback or suggestions by customers to the internal escalation team.

Additional Responsibilities (5%)

• Performs any other duties as assigned to improve the operations of CWS Africa.
• When needed, covers the responsibilities of the other IT Specialists.

Experience Qualifications

• A minimum of 5 years of experience in IT.
• A minimum of 1 to 2 years' experience in managing and maintaining computer networks, preferably in a Windows-based environment required.

Skills

• The ability to interact with CWS Africa personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• Ability to effectively manage, organize and prioritize work in a fast-paced environment.
• Service-oriented ITSM mentality with ability to provide excellent customer service.
• Ability to communicate effectively and professionally orally and in writing with staff across all levels.
• Strong knowledge of using and managing IT service desk systems.
• Excellent problem-solving skills and willingness to constantly renew required knowledge.
• Excellent troubleshooting and problems solving skills in a Windows based environment.
• Strong knowledge in Active Directory and Microsoft 365 administration.
• Strong knowledge and skills in latest Windows Server setup and administration.
• Knowledge and working experience with administration of database systems, especially MS SQL Server.
• Strong knowledge of VMWare – virtualization technology.
• Strong knowledge in data leak, loss, and encryption methods (BitLocker, McAfee or any other).
• Strong, up-to-date knowledge of systems security in a large network environment.
• Knowledge in networking (LAN, WLAN and VPN), especially with Cisco managed devices (Firewalls, Routers, and switches).
• Knowledge of TCP/IP Architecture and OSI Model.
• Knowledge and experience of change management.
• Proactively finds solutions rather than waiting for answers and self-propelled person that likes to work.

Education & Certifications

• Bachelor’s degree in IT or Computer Science or four (4) years of directly related experience in lieu of a bachelor’s degree is required.
• Industry IT Certifications (OS, Networking, Systems Administration, Cloud Security and ITIL) desirable

Abilities

• Manage large and diverse workload under pressure with competing priorities;
• Maintain the integrity of official records;
• Analyze and solve complex problems and make sound decisions;
• Work with minimal supervision;
• Maintain a high-performance standard with attention to detail;
• Work independently and contribute to overall operations of RSC Africa;
• Actively participate in the implementation of the U.S. Refugee Admissions Program (USRAP).

Important Requirements

• Strong English communication skills, both written and oral.
• Ability to work in a multi-cultural environment required.
• Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
• Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.

Special Requirements

• The candidate should be in good health, willing and able to travel extensively in often difficult conditions, and have a high degree of flexibility. Must have proof of Yellow Fever vaccination before traveling for RSC Africa.
• This position is based in Nairobi in Kenya.
• This position requires use of laptops at all time, competence in Microsoft office packages is required.
• This position may require travel in sub-Saharan Africa on short notice and under sometimes difficult conditions to meet demands of a dynamic operational program.
• Background check which includes references, and an educational and criminal check is required before the start of employment.
• A valid passport and the ability to maintain a valid passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• This position is full time.
• All employees should be prepared to work from the CWS office within their location of hire. Remote work arrangements may vary depending on location and the governing regulations based on the prevailing context.

go to method of application »

Primary Purpose

• The Software Development Supervisor position is primarily responsible for taking lead in developing software applications by studying operations; designing, developing, and installing software solutions; managing the entire software development life cycle. This position supervises IT software developers.
• The supervisor must integrate security practices into every stage of the software development lifecycle (SDLC). This includes leading secure design reviews, integrating automated security testing into CI/CD pipelines, enforcing compliance with organizational and regulatory standards, and fostering a culture of shared responsibility for security across development and operations teams.

Responsibilities Leadership and Management (15%)

• Direct the early-stage development of new products by overseeing idea screening, conducting technical feasibility studies, and spearheading concept development.
• Cultivate technical expertise within the team by researching state-of-the-art development tools, emerging programming techniques, and modern computing hardware.
• Lead the design of system specifications and standards to ensure all developed applications are scalable, performant, and aligned with technical requirements.
• Champion DevSecOps culture across teams, ensuring developers, testers, and operations staff adopt secure coding and deployment practices.

Technical Operations Oversight and Support (55%)

• Architect end-to-end software solutions by evaluating organizational needs, conducting stakeholder consultations, and analyzing complex system flows and data usage.
• Drive operational improvements by conducting deep-dive systems analysis and recommending strategic changes to departmental policies and procedures.
• Identify and mitigate potential technical bottlenecks or problem areas early in the software development lifecycle (SDLC) to ensure project viability.
• Standardize documentation practices by developing high-level layouts, system diagrams, and architectural charts that clearly demonstrate solution logic.
• Enforce code quality standards across the team through rigorous code reviews, ensuring the delivery of clean, well-commented, and maintainable codebases.
• Manage the deployment and installation of enterprise-level solutions, ensuring adherence to established programming standards and system specifications.
• Supervise the resolution of high-priority software development requests escalated from the service desk, providing expert technical guidance to junior developers.
• Design and optimize automated build, test, and deployment pipelines to ensure rapid and reliable software delivery.
• Oversee the provisioning and management of cloud and on-premises infrastructure using automation tools to ensure environment consistency.
• Implement robust monitoring, logging, and alerting systems to proactively identify performance bottlenecks and ensure high system availability.
• Automate the integration of security scanning and compliance checks directly into the deployment workflow
• Manage branching strategies (e.g., GitFlow) and merge requests to ensure the main codebase always remains stable and deployable.

Compliance Management (15%)

• Achieves and maintains a thorough knowledge and adherence to established RSC Africa, CWS/IRP, DOS/PRM and USCIS policies and procedures regarding database management for RSC Africa programs.
• Knowledge of CI/CD pipelines, automated security testing, vulnerability management, and compliance frameworks is required.

Representation/Engagement (10%)

• Provides input and recommendation to the IT manager on IT automation.
• When needed, covers the responsibilities of the other IT specialists.
• Training staff on the use of developed applications.

Additional Roles and Responsibilities (5%)

• Any other tasks as assigned by the Software Development Manager or IT Management

Experience Qualifications

• A minimum of six years relevant paid work experience required.
• Four (4) years of directly related specialized experience performing the essential duties in custom software/application development is required.
• A minimum of one year direct supervisory experience required.
• Experience in software development project management is preferred.

Skills

• Strong knowledge in the web application development environment with relational databases.
• Strong knowledge in PostgreSQL Database architecture, design and development, including the ability to write
• in PHP using Laravel Framework and JavaScript programming languages.
• Knowledge in Golang programming language is preferred.
• Strong Knowledge in Object Oriented Programming.
• Knowledge of GIT Version Control.
• Strong complex queries and stored procedures.
• Strong knowledge Knowledge in essential Windows and Linux system administration is required. Android programming using Kotlin experience a plus.
• Knowledge in Microsoft Azure Architecture is a plus.
• Experience working in a highly regulated environment with compliance requirements is a plus

Abilities

• Interpret written requirements and technical specification documents.
• Supervise staff to ensure policies and procedures are implemented and executed in accordance with guidelines and standard operating procedures.
• Maintain a high-performance standard with attention to detail, completing tasks within set timeframes.
• Exercise good judgement and seek guidance as appropriate when confronted with unanticipated problems.
• Deal effectively and courteously with many associates, outside agencies, refugees and members of the public.
• Manage large and diverse workload under pressure with competing priorities.
• Maintain the integrity of official records;
• Analyze and solve complex problems and make sound decisions.
• Work with minimal supervision.
• Maintain a high-performance standard with attention to detail.

Education & Certifications

• Bachelor’s Degree in is IT required
• Azure and Project Management Certification is preferred.

Important Requirements

• Strong English communication skills, both written and oral.
• Ability to work in a multi-cultural environment required.
• Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
• Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.

Special Requirements

• The candidate should be in good health, willing and able to travel extensively in often difficult conditions and have a high degree of flexibility. Must have proof of Yellow Fever vaccination before traveling for RSC Africa.
• This position is based in Nairobi, Kenya
• This position always requires use of laptops, competence in Microsoft office packages is required.
• This position may require travel in sub-Saharan Africa on short notice and under sometimes difficult conditions to meet demands of a dynamic operational program
• Background check which includes references and an educational and criminal check is required before the start of employment.
• A valid passport and the ability to maintain a valid passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• Physical: This position requires bending, squatting, crawling, climbing, kneeling, sitting, standing, walking, pushing/pulling, handling objects (manual dexterity), reaching above shoulder level, using fine finger movements and lifting/carrying heavy loads.
• Environmental: Incumbents in this position will be exposed to excessive noise, marked changes in temperature and/or humidity, dust and infectious diseases, harsh weather climates, long work hours, bumpy roads, extended travel, excessive sun exposure, and non-ventilated spaces.
• This is a Full-time position.
• All employees should be prepared to work from the CWS office within their location of hire. Remote work arrangements may vary depending on location and the governing rulings based on prevailing context.

go to method of application »

Primary Purpose

• This position is primarily responsible for taking lead in the management of CWS Africa information system security program to ensure that information assets are adequately protected by others, identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.
• They supervise the Senior Information Security Officers (SISO) and oversee the development, adoption, implementation and enforcement of information security policies, procedures, and standards to ensure compliance with the organizational IS security framework, NIST, and other Information security, privacy, legal requirements and best practices.
• The position requires documentation and presentation skills, analytical and critical thinking skills, the ability to identify needs, flexibility, initiative, and confidence in dealing with different types of complex systems, network, software, equipment, and different types of people.

Responsibilities Strategic Support and Management

• Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.
• The CWS Africa Information System should be secured according to the organizational defined policies, Integrity and Compliance Guide, Federal IT security requirements and the National Institute of Standards Technology (NIST) moderate controls among other information systems local and global legal and best practice requirements.
• Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews.
• Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
• The SMIS provides input and recommendations to IT and CWS Africa management on systems security updates and trends advises on key IT security areas including risk management, legal and regulatory compliance, and policy in all CWS Africa countries of operation; and oversees ongoing risk identification, remediation, compliance, and vendor risk management.
• Works with SISO to develop, maintain and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
• Create, communicate, and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from consultants, consultants, and other service providers.
• Work with the Regional IT Director to develop and manage information security budgets and monitor them for variances.
• Review and approve information security and risk management awareness training programs for all employees, contractors, and approved system users, working closely with the training department.
• Work directly with the business units to facilitate IT risk assessment and risk management processes and collaborate with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
• Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program.
• Create and maintain a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.
• Enhance the information security management framework based on Federal government requirements and oversee consistent implementation.
• Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
• Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
• Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
• Ensure that security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
• Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
• Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
• Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
• Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support, and in-house consulting in these areas.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.

Security Liaison

• Liaise among the information security team and corporate compliance, Risk & Compliance, Supply Chain, HR, Programs among other relevant management teams as required.
• Liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure that the organization maintains a strong security posture.
• Liaises with RPC and CWS HQ IT security personnel on any security related matters or incidents. Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
• Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contracts and service-level agreements.
• Manage security issues and incidents and participate in problem and change management forums.
• Ensuring timely reporting and adequate participation in investigation for ICT security incidents.
• Collaborate with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
• Work with IT and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program.

Architecture / Engineering Support

• Consult with IT and security staff to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software.
• Works with relevant IT Staff in systems configuration management, changes, updates and daily monitoring and reporting as required by IT management; Provides IT security related assistance and oversight to IT Officers in South Africa, Tanzania, Uganda, and all sub offices.
• Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
• Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
• Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support

• Coordinate measures and report on the technical aspects of security management.
• Manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements.
• Manage and coordinate operational components of incident management, including detection, response, and reporting.
• Maintain a knowledgebase comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.
• Oversee day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, communicate information about residual risk, review, edit and approve reports.
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and comply with policies and audit requirements.
• Oversee Annual internal IT security Audit/Assessment against the NIST security framework; including a risk assessment and budget estimation for risk mitigation and treatment; and ensuring compliance with all the regulatory controls.
• Design, coordinate, and oversee security-testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• Design, coordinate, and oversee security-testing procedures to verify the security of systems, networks, and applications, and manage the remediation of identified risks.
• Resolves all escalated IT security related requests escalated from the SISO and the service desk Performs other duties assigned by the IT Coordinator or the CWS Africa management team when necessary.

Experience Qualifications

• A minimum of eight (8) years’ paid IT work experience is required.
• 3 years of experience in IT Security is required.
• 2 years’ supervisory experience is required
• 2 years’ experience in managing, securing, maintaining and design of computer systems, preferably Windows based, is preferred.
• Experience in managing major IT projects is preferred.

Skills

• Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
• The ability to interact with CWS Africa personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
• Knowledge and understanding of relevant legal and regulatory requirements, such as NIST, South Africa’s POPIA, Kenya Data Protection Act, Cloud Security Policy, among other relevant local or global laws, standards, and regulations.
• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Project management skills: financial/budget management, scheduling, and resource management.
• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
• A strong understanding of the business impact of security tools, technologies, and policies.
• Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
• Experience working with legal, audit and compliance staff.
• Experience developing and maintaining policies, procedures, standards, and guidelines.
• Experience with common information security management frameworks, such as National Institute of Standards and Technology, International Standards Organization (ISO) 2700, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks among others
• Proficiency in performing risk, business impact, control and vulnerability assessments, audits, and in defining treatment strategies.
• Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• An understanding of operating system internals and network protocols.
• Familiarity with the principles of cryptography and cryptanalysis.
• Experience in system technology security testing (vulnerability scanning and penetration testing).
• Familiarity in application technology security testing (white box, black box, and code review).
• Strong, up-to-date knowledge of systems security and administration in a large network environment

Education & Certifications

• Bachelor’s degree in IT field, or four (4) years’ work experience in IT if a bachelor’s degree required. A master’s degree is preferred.
• Other advanced professional training in IT Security is required (NIST CSP, CISSP, GIAC, CISA, CISM, CompTIA Security+) related or equivalent.

Abilities The Senior Manager, Information Security must have the ability to:

• discuss technical information with users of diverse technical levels and discern their needs.
• facilitate and negotiate.
• communicate technical reports effectively at any level.
• communicate effectively both verbally and in writing.
• follow instructions from the Supervisor with a positive and receptive attitude.
• deal effectively and courteously with associates, outside agencies, refugees, and members of the public.
• conduct oneself in a professional and courteous manner to represent the best interests of CWS Africa and CWS/IRP.
• maintain a high-performance standard with attention to detail.
• perform all the duties of the position efficiently and effectively with minimal supervision.
• work independently and contribute to overall operations at management level.
• take initiative in the development and completion of projects.
• lead others and address issues as they arise.
• maintain strict confidentiality with CWS Africa administrative and operational information.
• manage a large and diverse workload under pressure with competing priorities.
• analyze and solve complex problems.
• work well as a team in a multi-cultural environment while maintaining a high level of motivation.
• effectively manage CWS Africa’s resources.
• actively participate in the implementation of the U.S. Government Operational Refugee Processing Program in Africa

Important Requirements

• Strong English communication skills, both written and oral.
• Ability to work in a multi-cultural environment required.
• Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
• Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.

Special Requirements

• The candidate should be in good health, willing and able to travel extensively in often difficult conditions and have a high degree of flexibility. Must have proof of Yellow Fever vaccination before traveling for RSC Africa.
• This position is based in Nairobi in Kenya.
• This position requires use of laptops at all time, competence in Microsoft office packages is required.
• This position may require travel in sub-Saharan Africa on short notice and under sometimes difficult conditions to meet demands of a dynamic operational program.
• Background check which includes references, and an educational and criminal check is required before the start of employment.
• A valid passport and the ability to maintain a valid passport throughout the entire appointment is required, which includes having enough passport pages for travel.
• Environmental: Incumbents in this position will be exposed to excessive noise, marked changes in temperature and/or humidity, dust and infectious diseases, harsh weather climates, long work hours, bumpy roads, extended travel, excessive sun exposure, and non-ventilated spaces.
• The US Embassy rates Kenya as both HIGH in crime and HIGH in terrorism. Incumbents should fully understand the insecurities present within Kenya and the region.
• The position is Full time
• All employees should be prepared to work from the CWS office within their location of hire. Remote work arrangements may vary depending on location and the governing regulations based on prevailing context.