Job Grade: KTNA 6
Reports to: Manager ICT
Purpose for the Job
The jobholder is responsible for the development and implementation of a comprehensive information security program and associated policies to provide assurance that KENTRADE’s information assets are protected and that information is used in accordance with its intended purpose.
The officer is responsible for protection of KENTRADE’s data and infrastructure from external and internal threats and ensuring compliance with statutory and regulatory requirements regarding information access, security and privacy.
The Information Systems Security Officer is also responsible for continuous information risk assessment to ensure efficient risk management for the Agency.
Job Duties & Responsibilities
Managerial Responsibilities
Development and operationalization of the corporate information security management program.
Development of information security policies and procedures.
Development of ICT Security Section Budget and Procurement Plan.
Reporting on the information security posture of the Agency.
Operational Responsibilities
Develop and spearhead the implementation of a comprehensive information security and privacy program for KENTRADE.
Development of KENTRADE’s ICT security policies, standards, procedures and guidelines.
Monitor the organisation’s networks and systems for security breaches and vulnerabilities and investigate violations when they occur.
Lead in the design, implementation, operation and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards.
Spearhead IT disaster recovery planning as part of KENTRADE’s business continuity management.
Develop and implement ICT risk management processes for protection of the Agency’s information assets.
Collect and summarize security events and data, including preparing security reports and eventual remedial actions to be taken.
Lead in the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
Administer ICT security tools; maintain security escalation and contact lists and security logs.
Ensure that all business recovery/contingency plans and/or procedures are always kept up to date.
Coordinate information security awareness, training and educational activities.
Keep abreast of latest security advisories and vulnerabilities pertaining to KENTRADE and its mission and take appropriate action.
Minimum Academic and Professional Qualifications
Bachelor’s degree in IT, Computer Science, Information Systems or related field.
Certified Information Security Manager (CISM) and/or Certified Information System Security Professional (CISSP). ISACA Member.
Professional Work Experience
At least four (4) years’ ICT security work experience;
Mandatory experience in developing and administering an Information Security Program;
Experience in managing information security in heterogeneous environments running Oracle Solaris and Windows operating systems;
Demonstrable experience in working with various ICT Security Tools such as Firewalls.