Job Description
We are pleased to announce the following vacancy in the Enterprise Risk Department within the Risk Management Division. In keeping with our current business needs, we are looking for a person who meets the criteria indicated below.
Reporting to the Head of Department – Enterprise Risk, the position holder will be responsible for developing, implementing and maintaining a comprehensive programme to assess and mitigate current and emerging cyber risks that impact on Safaricom information systems.
Roles
Identify, develop and maintain a list of critical internal and external facing assets and services across GSM and non-GSM networks
Conduct adequate technical risk review of operating systems, databases and applications across information systems
Conduct cyber risk assessments, analysis and follow-up on mitigation plans
Implement cyber risk monitoring for critical external-facing systems
Ensure implementation of measures to close gaps identified in cyber risk penetration testing and vulnerability assessments
Implement cyber security awareness for internal users as well as customers and suppliers
Conduct research on global cyber trends and present the information for management decision-making
Analyse cyber risk trends from system logs and data collected in SIEM and other systems, and provide trend analysis reports as well as recommendations to mitigate identified risks
Review and ensure adequate policies are implemented to manage Information risk across the company
Develop and implement back-up policies across critical systems, including back-up and restore frequencies as well as restore testing, and provide recommendations for improvements as part of our cyber response strategy.
Provide guidance to the Crisis management team on cyber security response strategies.
Provide guidance in the interpretations of current policies related to specific situations as they arise and conduct policy exception reviews
Conduct enterprise information risk assessments at agreed regular intervals to assess and track the health of information management across the organization
Conduct risk assessments at agreed intervals across information processing sites
Perform ad-hoc risk assessments as per management's request
Offer guidance on security risks on emerging threats and advise the business accordingly. Offer specialist guidance & advisory to other business units for timely assurance of key / special projects.
Offer guidance and support on the planning, implementation, monitoring and review of the Information Security Management System
Support the implementation and maintenance of a robust framework to adequately collect, audit and monitor logs across critical systems.
Job Requirements
Degree in IT, Business Information Systems (or related technical field) from a recognized university
Holder of at least one of the following certifications: CISA, CISM or CISSP
At least 4 years' proven working experience in an operational management role in Information Systems / Information Security / Information Systems Audit, or proven experience in business process assurance and/or risk analysis, preferably in a telecommunications environment
Detailed knowledge of GSM and IT Networks is essential.
Use the link(s) below to apply on company website.