Reporting to : Manager – IT Networks & Technology Security
Band : 3
Department : Technology Division
Role Purpose:
Responsible for the maintenance and enhancement of the information security and integrity of the company through the monitoring and rationalization of security technologies within the infrastructural and business areas. Conducting regular audits to ensure compliance with company policy and procedures including Disaster Recovery and business continuity planning.
Key Duties and Responsibilities
Creation of system measures by defining access privileges, control structures, and resources.
Develop and review security standards, processes and policies for IT Governance for TKL
Conducting network security assessments and audit log reviews to evaluate the effectiveness of current security measures
Managing network, intrusion detection and prevention systems and monitor and review intrusion detection systems and firewall logs, analysing events and patterns and coordinating mitigation responses
Monitor multiple environments to detect, validate and respond to cyber security incidents
Participate in information security initiatives, provide risk assessments, define security requirements and apply security best practices
Provide technical support in the areas of vulnerability assessment, risk assessment, network security, product evaluation, incident management and security implementation
Provide technical evaluations and assists with making security improvements
Designing and implementing solutions for protecting the confidentiality, integrity and availability of sensitive information
Manage information security assessment requests; evaluate vendor products and services; advise management of risks and best security practices.
Track security trends/events to provide monthly security reports.
Coordinate disaster recovery and business continuity tasks for Telkom Kenya Limited
Remediating security anomalies on the end-point estate including; unprotected devices, infected devices or devices and software with malfunction affecting security
Assessing and deploying security patches and configuration for endpoint devices in a timely manner, including hardware, operating systems, applications and end-user cloud services.
Creating, managing, maintaining and carrying out, the procedures and processes required
Maintain a security risk register of information risks with assigned owners and work with the Manager IT Security and Compliance to define appropriate work packages to mitigate risks.
Academic/ Professional Qualifications
Degree in Electrical Engineering/Computer Science/Information Technology or other relevant Technical Degree
Advanced professional information security certifications e.g. CISSP/CISM/CISA/GIAC/CEH/CPTP/OSCP are preferred
Advanced Networking certifications: CCNA/CCNP preferred.
Certifications in Microsoft Windows and Linux/Unix Operating Systems
Certifications in ITIL/ETOM also preferred
Professional Knowledge
Minimum 3-5 years’ experience in IT Security
Experience in penetration testing and vulnerability assessments, IDS/Firewalls/VPN Administration, content filers, Security scan tools, Network and Systems
Administration Experience in enterprise security architecture design
Experience in enterprise security document creation
Experience in designing and delivering employee security awareness training
Experience in developing Business Continuity Plans and Disaster Recover.
Professional Skills:
Business acumen
Strategic
Result oriented
Developing self and others
Teamwork
Innovation
Managing risk
Analytical thinking