REF: TNH/HRD/ITSO/06/2025

The IT Security Officer shall be responsible for both internal and external security hardening of systems, designing, identifying, implementing and enforcing modern security-based technologies, policies and procedures that protect The Nairobi Hospital’s entire ICT infrastructure, data, information, and applications from all forms of security vulnerabilities.

Key duties and responsibilities

Network and information security administration

• Performing network Intrusion detection and prevention, vulnerability scanning, and monitoring.
• Administering centralized enterprise antivirus solution and client operating update and configuration.
• Performing regular vulnerability scans to find any flaws for mitigation. Administering automated security patching solutions with up-to-date security updates and hotfixes.
• Performing day-to-day operations and maintenance of both on-premises and cloud data center solutions.

Network Security Risk Assessment for Mitigation

• Performing daily health checks on systems and continuously monitoring access to network services and devices.
• Ensuring that security changes and improvement actions are evaluated, validated, and enforced according to the Nairobi Hospital policies and procedures.
• Collecting and maintaining Security related data needed for purposes of monitoring trends.
• Tracking security audit findings, assessments and recommendations for appropriate mitigation.
• Mitigating any existing or potential security threats.
• Creating management reports on security trends and status.

System Security Risk Assessment, Monitoring for Optimization

• Securing and optimizing remote sites network and communication technologies.
• Monitoring network performance, report and troubleshoot outages resulting from security breaches and other factors.
• Recommending resource requirement required for cybersecurity operations.
• Participating in security risk assessments.
• Identifying and mitigating vulnerabilities targeting The Nairobi Hospital network and provide timely mitigating measures.
• Developing and implementing a comprehensive plan to secure ICT Network.
• Proactive monitoring systems usage to ensure compliance with security policies.

Technical Support, Troubleshooting and Capacity Building

• Keeping up to date with emerging security trends and developments in ICT security standards and threats.
• Documenting any security vulnerabilities and assessing extend of breaches.
• Transferring knowledge of security skills, guides, standard operating procedures and best practices for information security to staff including non-technical audience.
• Preparing and distributing important security alerts, or advisories to colleagues and general staff.
• Working with external IT vendors

Knowledge, experience and qualifications required

• Bachelor of Science degree in Computer Science, Software Engineering or any other related field from a recognized institution.
• 3+ years of progressive hands-on experience in a large enterprise ICT security Internationally recognized security certification e.g. CompTIA Security+, CCNA Security, Microsoft Certified Security etc.
• Information Systems, Audit, Compliance and Assessment Certification are added advantages. EC-Council Certified Ethical Hacker Certification is an added advantage

Competencies

• Technical & Behavioural competencies
• Experience in designing and implementing organization wide information security network architecture and framework.
• Experience in managing and implementing large-scale information security network projects.
• Experience in identifying and managing technology security risk.
• Up-to-date knowledge of future IP and network security technologies, equipment and their benefits.
• Systems Security Management.
• Incident Management Tools.
• LAN, WAN and Wireless Network management.
• Operating System, application and databases security configurations and Administrations.
• Storage, virtualization, backup and restore solutions for business continuity.
• Solid knowledge of various information security frameworks.
• Cybersecurity tools and techniques for Network defense.
• Brand protection including web and email.
• Routing, switching, firewall administration on a TCP/IP networking.
• Managing network services and server roles.
• Data Loss Prevention, Protection and Encryption. Knowledge of security related laws, policies, procedures, or governance relevant to cybersecurity.
• Threat Analysis and Vulnerabilities Assessment.