JOB OBJECTIVE

• The job holder will be responsible for providing ICT security services to safeguard the confidentiality, integrity and availability of KCA University’s ICT infrastructure, networks, information systems, data and automated business processes.

DUTIES AND RESPONSIBILITIES:

• Develop and implement the University’s cyber security strategy guided by the University’s ICT strategy, ICT policies and procedures, government regulations and standards, and international standards and best practices.
• Steer the University towards ISO 27001:2022 Information Security Management System standard certification.
• Monitor University systems for vulnerabilities and risks in the existing network, software, and other integrated systems hosted on-premise and on the cloud.
• Conduct regular vulnerability assessment and penetration testing (VAPT) on the University infrastructure and systems.
• Deploy and maintain Unified Threat Management system firewalls on university networks and monitor them.
• Deploy and maintain end-to-end full-stack security systems in the University’s ICT infrastructures and systems.
• Monitoring the usage of software and other ICT resources to ensure security and optimal use.
• Reporting and investigating IT security incidents, including recreating them to identify vulnerabilities.
• Testing new security measures.
• Advising on security issues and conducting regular user security awareness trainings.
• Preparation of regular reports on the security status of ICT systems.
• Monitor and confirm that all data generated in the University are backed up and documented by the relevant officers.
• Document all ICT security procedures and processes being undertaken in the University.
• Conduct and document regular ICT security drills and simulations.
• In collaboration with the Data Protection Officer, implement administrative, physical and technical security controls to ensure full compliance with the Data Protection Act 2019 and attendant regulations.
• Closely monitor the business continuity and disaster recovery site to ensure that it is up and running all the time and can support University business processes in case the primary site is affected.
• Ensure that all relevant system logs are maintained and backed up regularly.
• Monitor and regularly report on the level of implementation of all approved user access matrices for all systems in the University.

REQUIREMENTS

QUALIFICATIONS AND EXPERIENCE

• Bachelor’s degree in computer science, engineering or related technology field.
• ICT security professional certification, e.g. CISSP, CISM, CISA, etc.
• Experience in configuring Cyberoam UTM firewalls and Microsoft Active Directory will be an added advantage.

WORK EXPERIENCE

• Five (5) years’ experience in ICT security in a busy ICT environment

OTHER SKILLS AND COMPETENCIES

• Good organizational and planning skills.
• Good interpersonal and communication skills.
• Analytical thinker with the ability to partner with stakeholders to resolve complex security matters and develop policies, processes and guidelines.
• An understanding of ERP, security concepts, Information security governance, data protection and privacy laws and regulations.
• Excellent written and verbal communication.