The Communications Authority of Kenya is the regulatory authority for the communications sector in Kenya. Established in 1999 by the Kenya Information and Communications Act, 1998, the Authority is responsible for facilitating the development of the Information and Communications sectors including; broadcasting, multimedia, telecommunications, electronic commerce, postal and courier services.

Job Specifications

The duties and responsibilities of the Senior Information Security officer will entail: –

• Participating in the implementation of the Authority’s ICT strategy, plans, policies, procedures, and the information security program;
• Ensuring that information security is incorporated into all aspects of the Business.
• Implementing the security and disaster recovery aspects of the Authority’s ICT Systems;
• Identify, assess, investigate, and remediate security breaches and other cybersecurity incidents;
• Install security measures and operate hardware and software to protect the Authority’s Computers, Networks, and Data against threats, such as security breaches, computer malware, Social Engineering, or attacks by cyber-criminals;
• Participate in the maintenance of the ISO/IEC 27001 Certification for the Authority;
• Creating updates and overseeing execution of security assessments and analysis of systems on a daily, weekly, monthly, quarterly, and annual basis;
• Ensure that all Servers and other ICT-related equipment are hardened for compliance and/or industry standards;
• Ensure that all information technology/service diagrams are up to date and appropriately documented;
• Guide the Incident Response Team (IRT) in handling information security incidents;
• Perform routine audits of firewall(s), SIEM and log management, intrusion detection and prevention systems, and content filtering controls;
• Ensure all levels of staff are provided with relevant training and advisory materials on information security matters;
• Participating in testing the Authority’s systems backups and test procedures for the disaster recovery process to ensure continuity of operations;
• Creating patch management plans and upgrades regularly to enhance system hardware and software security in liaison with the System Administration team;
• Monitoring the implementation of ICT System access privileges and matrices, control structures, and proper use of authorized resources;
• Performing technical risks, vulnerability assessments, and penetration tests to ensure internal security controls operate optimally;
• Fixing detected vulnerabilities or any security-related noncompliance gaps in liaison with the System and Network Administration team to maintain a highsecurity standard;
• Participating in the implementation of security improvements by assessing the current situation; evaluating trends and anticipating requirements;
• Conducting assessment on the security of new applications and programs prior to installation or upgrades;
• Participating in the implementation of Quality Assurance (QA) policies, standards and procedures;
• Creating System test plans, requirements, scenarios, and test data for use during testing;
• Creating QA reports and filing Systems bug tickets based on the outcome of QA Test cycles;
• Conducting System post-release/ post-implementation testing;
• Carrying out cross-functional engagement to ensure quality throughout the System development lifecycle.
• Carrying out effective Information Security Related Project management

 Person Specifications

For appointment to this grade, a candidate must: –

• At least four (4) years of relevant work experience in the Public or Private sector
• Bachelor’s Degree in any of the following disciplines: – Information Technology, Computer Science, Management Information Systems (MIS), Business IT, Software Engineering, ICT Project Management, Computer Engineering, or any other relevant and equivalent qualification from a recognized Institution;
• At least any one (1) certification from relevant professional bodies in either CCNP, CDCP, CCNA Cloud, CCNA Industrial/IoT, CCNA, MCSE, MCSA, MCSD, N+, A+ OCA, CISSP, Linux+, Network+, Microsoft Certified IT Professional (MCITP), CISA, CISM, CGEIT or other equivalent qualifications from a recognized institution, is an added advantage;
• Supervisory Course lasting not less than two (2) weeks from a recognized institution;
• Shown merit and ability as reflected in work performance and results;
• Fulfilled the requirements of Chapter Six of the Constitution of Kenya 2010

Key Competencies and Skills

• Communication and reporting skills;
• Attention to detail skills;
• Problem-solving and analytical skills;
• Interpersonal and negotiation skills;
• Professionalism; and
• Ethical and integrity