Job description
To ensure the security of Kenya Airways information and supporting infrastructure by putting in place measures, solutions and processes to mitigate any information security risks.
Conduct regular vulnerability assessments on the company’s IT infrastructure and ensure timely remediation. Ensure regular independent vulnerability assessment and penetration testing of IT systems and network.
Manage and monitor SIEM, log correlation, privilege access and identity access management systems and processes.
Manage and monitor data leakage protection / data loss prevention and database security solutions and processes.
Application controls assessment of developed systems, system changes / upgrades and new systems to identify systems risks and security gaps. Ensure timely closure of security findings and remediation of vulnerabilities.
Conduct regular reviews of security logs and application audit trails ensuring prompt reporting and resolution of incidents.
Review network and architecture designs. Evaluate compliance with applicable security standards.
Support policy formulation, standards development, risk assessments, information security awareness and compliance monitoring processes.
Research, evaluate, implement and support enterprise information security systems/tools.
Requirements
Bachelor's Degree in Computer Science, ICT or related field.
Strong working knowledge of operating systems, networks or databases.
Knowledge of information security standards and best practices such as ISO 27001/2, PCI DSS, COBIT.
Information security certifications such as CISA or CISSP (or their equivalent) are an added advantage.
Knowledge and experience in vulnerability assessment, information security auditing, threat management solutions, endpoint security, email security, information security awareness and database security.
At least 2 years of experience in information security, networking or systems administration.
Good understanding of risk management and change management practices.
Additional Details
Projects delivered on time and in full
Information security policies and standards developed and implemented
Vulnerability assessments and audits done and actions closed
Monthly information security performance reporting
Information security training and awareness sessions carried out