Aga Khan University Information Security Analyst

The Aga Khan University (AKU) is a private, not-for-profit international university first established in 1983, with 11 teaching sites in eight countries.

The Medical College in East Africa is part of a visionary plan to create a comprehensive university in East Africa with a health sciences regional hub in Nairobi and campuses in Dar es Salaam and Kampala.

The Analyst – Information Security will work with the IT teams in assessing and implementing IT security within the university.

Key Responsibilities

  • Perform technology and information security risk assessments.
  • Perform IS policy and procedures gap assessments against information security, regulatory requirements and governance standards, for example ISO 27001:2013, COBIT, PCI-DSS etc.
  • Liaise with IT and internal/external audit teams during information systems audits. Work as a central point of contact from IT to ensure appropriate flow of information to the audit team without any delay.
  • Work with the IT team for successful closure of the audit observations.
  • Perform internal assessments and identify gaps in current documentation and operations.
  • Assist in organizing information security trainings and campaigns for AKU staff.
  • Ensure implementation of Security Incident and Threat Response process.
  • Educate IT and business users and ensure all critical information assets are classified properly.
  • Conduct routine security reviews of networks and infrastructure, identify gaps, report issues to concerned units and management, and track them for timely closure.
  • Review audit logs of servers, network equipment and firewalls on a monthly basis.
  • Review SIEM logs on a daily basis to detect and identify cyber-attacks. Monitor for security breaches and investigate a violation when one occurs. Assess and respond to network security events and alerts identified through SIEM.
  • Coordinate with IT and business on security concerns for network, infrastructure and various projects.
  • Assist in remediation efforts related to security incidents, vulnerability assessments and penetration tests.
  • Ensure that appropriate measures have been taken to protect all AKU digital information assets from all kinds of malicious software, for example malware, viruses, worms, Trojans, etc.
  • Review configurations of network devices (firewalls, Intrusion Detection Systems, Intrusion Protection Systems, network switches, network routers, VPN implementations) from a security perspective.
  • Implement data encryption policy and procedure to ensure all confidential information is encrypted while in transit or at rest.
  • Any other task or project assigned by line manager.

Qualification & Experience

  • Bachelor’s degree or equivalent in Computer Science, Computer Engineering, Information Security or related field. Advanced degree highly preferred.
  • At least five (5) years of hands-on experience in Information Security risk assessments, policies and procedures, regulatory compliance, etc.
  • Network and security certifications such as CCNA, CCNP, CISM, CISA, CEH, MCSE, and CISSP etc. would be a plus.
  • Knowledge of Information Security and IT standards including but not limited to ISO 27001, COBIT, HIPAA, NIST, ITIL etc.
  • Experience in any Big 4 professional services firm would be a plus.

Please send your curriculum vitae; copies of academic qualifications; and copies of professional certificates to the Manager, Recruitment, Aga Khan University Hospital email address [email protected] not later than 1st February, 2018.
