Category: IT & Telecommunication
• To ensure the security of Kenya Airways information and supporting infrastructure by putting in place measures, solutions and processes to mitigate any information security risks.
• Conduct regular vulnerability assessments on the company’s IT infrastructure and ensure timely remediation. Ensure regular independent vulnerability assessment and penetration testing of IT systems and network.
• Manage and monitor SIEM, log correlation, privilege access and identity access management systems and processes.
• Management and monitoring of data leakage protection / data loss prevention and database security solutions and processes
• Application controls assessment of developed systems, system changes / upgrades and new systems to identify systems risks and security gaps. Ensure timely closure of security findings and remediation of vulnerabilities.
• Conduct regular reviews of security logs and application audit trails ensuring prompt reporting and resolution of incidents.
• Review network and architecture designs. Evaluate compliance to applicable security standards.
• Support policy formulation, standards development, risk assessments, information security awareness and compliance monitoring processes.
• Research, evaluate, implement and support enterprise information security systems/tools
• Bachelor's Degree in Computer Science, ICT or related field.
• Strong working knowledge of operating systems, networks or databases
• Knowledge of information security standards and best practices such as ISO 27001/2, PCI DSS, COBIT
• Information security certifications such as CISA or CISSP (or their equivalent) are an added advantage
• Knowledge and experience in vulnerability assessment, information security auditing, threat management solutions, endpoint security, email security, information security awareness and database security
• At least 2 years of experience in information security, networking or systems administration.
• Good understanding of risk management and change management practices
• Projects delivered on time and in full
• Information security policies and standards developed and implemented
• Vulnerability assessment and audit done and actions closed
• Monthly information security performance reporting
• Information security training and awareness session carried out