Information Systems Security Officer

JOB PURPOSE

The Information Systems Security Officer shall be responsible for both internal and external security hardening of systems, designing, identifying, implementing and enforcing modern security-based technologies, policies and procedures that protect Amref Health Africa entire ICT infrastructure, data, information, and applications from all forms of security vulnerabilities.

PRIMARY RESPONSIBILITIES

Network and Information Security Administration

• Performing network Intrusion detection and prevention, vulnerability scanning, and monitoring
• Administering centralized enterprise antivirus solution and client operating update and configuration
• Performing regular vulnerability scans to find any flaws for mitigation.
• Administering automated security patching solutions with up-to-date security updates and hot fixes
• Performing day-to-day operations and maintenance of both on-premises and cloud data center solutions
• Assisting in design, installation, administration and troubleshooting data and voice networks

Network Security Risk Assessment for Mitigation

• Performing daily health checks on systems and continuously monitors access to network services and devices
• Ensuring that security changes and improvement actions are evaluated, validated, and enforced according to Amref Health Africa policies and procedures
• Collecting and maintaining Security related data needed for purposes of monitoring trends
• Tracking security audit findings, assessments and recommendations for appropriate mitigation
• Tracking and measuring system performance and availability
• Mitigating Any Existing or Potential Security Threats
• Creating management reports on security trends and status

System Security Risk Assessment, Monitoring for Optimization

• Securing and optimizing remote sites network and communication technologies
• Monitoring network performance, report and troubleshoot outages resulting from security breaches and other factors;
• Recommending resource requirement required for cyber security operations
• Implementing, managing and securing global LAN/WAN and wireless platforms
• Participating in security risk assessments
• Identifying and mitigating vulnerabilities targeting Amref Health Africa network and provide timely mitigating measures
• Developing and implementing a comprehensive plan to secure ICT Network
• Proactively monitoring systems usage to ensure compliance with security policies

Technical Support, Troubleshooting and Capacity Building

• Keeping up to date with emerging security trends and developments in ICT security standards and threats
• Documenting any security vulnerabilities and assess extend of breaches
• Transferring knowledge of security skills, guides, standard operating procedures and best practices for information security to staff including non-technical audience
• Preparing and distributing important security alerts, or advisories to colleagues and general staff
• Troubleshooting and support across the WAN for smooth operations
• General ICT support across sites and field offices

REQUIRED QUALIFICATIONS

Education and Professional Qualifications

• Bachelor’s degree in ICT or related field;
• EC-Council Certified Ethical Hacker Certification v8/later or related
• Internationally recognized security certification e.g. Comptia Security+, CCNA Security, Microsoft Certified Security etc.
• Information Systems, Audit, Compliance and Assessment Certification

Required Qualifications and Experience

• 5+ years of progressive hands-on experience in a large enterprise ICT security
• Experience in designing and implementing organization wide information security network architecture and framework
• Experience in managing and implementing large scale information security network projects
• Experience in identifying and managing technology security risk
• Up-to-date knowledge of future IP and network security technologies, equipment and their benefits
• Systems Security Management
• Incident Management Tools
• LAN, WAN and Wireless Network management;
• Operating System, application and databases security configurations and Administrations
• Exposure to a diverse-multicultural environment
• Storage, virtualization, backup and restore solutions for business continuity
• Solid knowledge of various information security frameworks.
• Cyber security tools and techniques for Network defense
• Brand protection including web and email
• Routing, switching, firewall administration on a TCP/IP networking
• Managing network services and server roles
• Data Loss Prevention, Protection and Encryption
• Knowledge of security related laws, policies, procedures, or governance relevant to cybersecurity
• Threat Analysis and Vulnerabilities Assessment

Competencies and Skills

• Confidentiality
• Ethical
• Integrity
• Reliability
• Ability to work within deadlines
• Troubleshooting and problem resolution skills
• Excellent problem-solving skills
• Effective verbal and written communication skills
• Expert analytical skills

Other Important Soft Skills

• Influencing
• Critical and creative thinking
• Good logical diagnostic skills
• exercise good judgement in the resolution of problems;
• Facilitation
• Proactive
• Team work
• Interpersonal
• Flexibility