Department: ICT Services (ICTS)
Reporting To: Director, ICT Services and Operationally to Associate Director, ICT Services
Basic job summary: Leading a team responsible for ICT Security Services, the jobholder will spearhead the development and implementation of a comprehensive information and cyber security program that facilitates information security governance and management towards the protection of University information assets and resources by ensuring they have adequate controls to provide for their confidentiality, integrity and availability in line with institutional requirements as well as to comply with applicable laws and regulations, for business risk reduction. This is to be accomplished by working closely with ICTS staff, University departments/offices, University staff, University management, vendors, auditors, among other stakeholders.
Duties & Responsibilities:
- Strategic and Operational Planning: Through strategic and innovative thinking and planning, be involved in formulating long-range as well as short-range plans for improving information and cyber security posture in the University in line with University objectives. This includes actively participating in the ICT Strategic Planning process as well as timely formulation of annual capex and opex budgets relating to ICT security systems and services.
- Project Management: Ensure that ICT security systems and services projects are well planned and managed professionally using appropriate project management methods and techniques to minimize risks to the University, while fully realizing expected business benefits within time and budget constraints.
- Policy Formulation and Compliance Monitoring: Lead in the formulation, review and updating of information and cyber security policies, related standards, procedures and guidelines and oversee their approval, dissemination and maintenance. Further is to spearhead establishment and ongoing fine tuning of mechanisms to enforce, monitor and timely report adherence to them. This is to be done in full appreciation of best practice in information security such as ISO 27001, COBIT among others.
- Systems Security & Change Management: Liaise with the systems analysis, systems design, systems development and systems administrator teams to provide security design review and approval for new University ICT systems and/or services as well as proposed changes to existing systems and/or services. Further is to work closely with ICT teams in their role as system custodians, as well as system owners, to deliberate on security risks affecting the respective systems, and by acting as subject matter expert on information and cyber security, recommend and follow up on implementation of appropriate controls and agreed remediation measures.
- Vendor Management: Maintain cordial working relationships with appropriate vendors while ensuring proper formulation, authorization and management of vendor contracts and service level agreements (SLA) for ICT security services and systems acquisition to ensure contract deliverables are achieved, with consideration of the full systems life cycle (including ongoing maintenance) and that contract risks are minimized.
- ICT Disaster Recovery Plans (DRP): Ensure development and maintenance of current DRPs that ensure systems’ resilience to support ongoing University operations. Further is to ensure ongoing testing of system backups through scheduled or ad hoc restoration exercises involving business systems owners’ signoff and making and recommending relevant adjustments to the plans as may be necessary in order to be within stipulated & expected timelines and thresholds (i.e. RPO, RTO, and SDO etc.).
- Business Continuity Management (BCM): Be part of the team leading Business Continuity Management (BCM) coordination for ICTS in the University, charged with conducting awareness and coordinating ICT Business Continuity Planning (BCP) and DRP activities towards ensuring meticulous operation of the plans in time of an information/cyber security incident or disaster. This will involve establishing the need and training relevant University stakeholders including performing mock tests to establish the effectiveness of ICT BCP and DRP so as to boost response preparedness of all recovery teams/users. Further is to ensure that roles and responsibilities of managing information/cyber security risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff members.
- Information Security Incident Management: Oversee establishment of mechanisms for information and cyber security incident response management including monitoring, detecting, remediating and fully investigating security breaches to establish and treat the root cause(s) so as to minimize future occurrences as well as perform impact analysis.
- Risk Assessment and Audit: Proactively monitor current and emerging information and cyber security risks and changes to laws and regulations that may present new business risks, and to detect weaknesses in the design and implementation of controls, carry out vulnerability assessment and penetration testing on University’s ICT systems, report identified weaknesses and follow-up on corrective action and its effectiveness. Further, is to engage and support internal and external auditors in their assignments and subsequently assist in laying effective remedial plans to resolve audit findings touching on information and cyber security matters including reporting on progress of corrective action.
- Information & Cyber Security Awareness and Training: Design, recommend and carry out Information and Cyber Security awareness and training campaigns for all University stakeholders/constituents towards creating a culture of consciousness about information and cyber security risks and the different ways in which to avoid or mitigate such risks. Further is to regularly review the level of information security and cyber security awareness across University stakeholders/constituents and to devise timely interventions towards improving the same to expected levels.
- Talent Development and Supervision: Guide, mentor and coach assigned, as well as other ICTS staff in growing their job-related technical skills, organizational skills, team spirit and leadership capacity. This further involves assigning supervisees, tasks and responsibilities and monitoring delivery of the same in meeting University service delivery requirements and expectations.
- Professional Development: Grow and maintain professional development by attending educational workshops/seminars/conferences, reviewing professional publications, establishing professional networks and participating in professional societies.
- Reporting and ICT Committees: Support decision making by formulating appropriate technical as well as managerial metrics and insights and using those to design concise and simple reports to apprise senior IT management, respective ICT Committees and/or business management on matters pertaining to the posture of ICT Security according to agreed schedule/cycles or on ad hoc basis. This further involves being part of and actively contributing to applicable ICT Committees.
- Bachelor of Science in Telecommunications (BSc. TC), Bachelor of Business Information Technology (BBIT), Bachelor of Science in Informatics and Computer Science or an ICT-related degree qualification.
- Certification in information security (management: CISM; technical: CISSP/GIAC/CEH etc.);
- Network and Network Security knowledge (CCNA/HP and CCNA Security etc.);
- Project Management (PRINCE2/PMP etc.);
- IT management best practice (CISA, ITIL etc.).
- A minimum of 5 years in the area of systems and network administration, systems development or information, cyber or IT security.
- 3 years must have been in a role within information, cyber or IT security.
- At least 1 year at a supervisory level.
Competencies and Attributes
- Strong leadership, people management skills, conflict management & resolution skills, negotiation skills;
- Strong business acumen;
- Attention to detail;
- Results-oriented;
- Works well under pressure;
- Team player;
- Problem solving focus;
- Good interpersonal & communication skills including written, verbal and presentation skills.
- Technical zeal;
- Strong time management & organizational skills;
- Self-discipline and drive;
- High integrity and ethical standards.
Knowledge and Skills
- Business Case Preparation, RFP preparation, bid proposals, contracts, scope of work reports, and other documentation for IT.
- Demonstrate experience in IT Security including in cloud-based environments, mobile environments, virtual environments (VMware).
- Need to demonstrate experience in managing team(s) and engaging organizational management.
- Solid knowledge of Information security regulations, standards, and leading practices such as COBIT, ISO 27001, SANS 20, ITIL, etc.
- Solid knowledge in security technologies such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), SIEM, Firewalls, Encryption etc.
- Practical information security experience in: Linux, Windows Server and Active Directory, LAN and WAN Networks, Application Controls, Security Testing, Physical Security, Information Security Policy Implementation etc.
- Ability to engage and resolve conflicts between information security and business objectives.
How to Apply
Are you qualified for this position and interested in working with us? We would like to hear from you. Kindly send us a copy of your updated resume and letter of application (ONLY) quoting “Assistant Manager, ICT Security Services” on the subject line to firstname.lastname@example.org by 21st February 2020.
Due to the large number of applications we may receive, kindly note that only the shortlisted candidates will be contacted.
Please be advised that Strathmore University is an equal opportunity employer and does NOT ask for money from applicants under any circumstances during its recruitment process. Interested applicants are encouraged to exercise caution upon receiving any such interview opportunity that requires payment of any money.