Posted by: Hiring Kenya
Job Specifications
Duties and responsibilities at this level will entail:
Development and implementation of the data and cyber security strategy, plans and policies as a member of the IT team.
Conduct periodic security reviews, vulnerability assessments and penetration tests across the organization's PFA infrastructure.
Ensure all new and existing systems/products/services comply with the organization’s security policies & standards, Kenya Data Protection Act and other industry best practices (e.g. ISO27001, CIS).
Monitor database performance and improve technology.
Update systems when necessary and create data backups.
Conduct diagnostic tests and evaluate performance metrics.
Supervise and monitor the database development teams.
Provide timely and quality security assurance reports and advice to the organization when required, even with very tight deadlines.
Do regular follow-ups with system custodians/fund admin/business systems to ensure any security risks identified are addressed within the agreed timelines.
Define cyber security metrics and report periodically on security compliance across all networks/systems.
Research new threats, technologies, vulnerabilities and security design principles.
Maintain awareness of the latest cyber-security threats and implement security measures to minimize risk to information assets.
Ensure ICT systems are secure and resilient, carrying out proactive maintenance (e.g. patching) and ensuring processes and configurations are clearly documented.
Carry out other appropriate duties as required.
Person Specifications
For appointment to this grade, an officer must have:
Served for a minimum period of eight (8) years, three (3) of which should have been in a supervisory role.
Bachelor’s degree in any of the following disciplines: Computer Science, Information Technology, Information Security, Information Communication Technology, Business Information Technology or equivalent qualification from a recognized institution.
Master’s degree in any of the following disciplines: Computer Science, Information Technology, Business Information Technology or equivalent qualification from a recognized institution.
Professional certificates in any of the following areas:
Microsoft Certified Systems Engineer (MCSE), Microsoft Certified IT Professional (MCITP)
Certified Network Associate/Network+ (CCNA/N+CISCO)
Certified Information Systems Auditor (CISA)
Certified Information Systems Manager (CISM)
Huawei Certifications HCIP, HCIA
Web application certificates; Android, iOS, 2G, 3G, LTE, USSD
Certificate in Cloud technologies e.g. AWS and Azure
Java, Python, PHP, JavaScript, CSS, Apache, Nginx, IIS
Certificate in Information Systems Security e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, ICT Audits, Pre-and-Post Implementation System Reviews
Certificate in Management Course lasting not less than four (4) weeks from a recognized institution.
Membership with a relevant professional body in good standing.
Demonstrated merit and ability as reflected in work performance and results.
Key Competencies and Skills
Communication skills
Teamwork
Interpersonal skills
Analytical skills
Time management skills
Organizational skills
Management skills
Negotiation skills
Decision-making skills
Problem-solving skills