The Information Security Administrator is responsible for safeguarding Kenya Reinsurance Corporation’s IT infrastructure and information assets, ensuring confidentiality, integrity, availability, and non-repudiation across systems. This role focuses on implementing and enforcing the Information Security Policy, managing security controls, and proactively protecting the organization from unauthorized access and cyber threats.
Primary Responsibilities
- Policy and Standards Development: Contribute to the establishment and enforcement of policies and standards that support the organization’s information security strategy.
- Security Configuration and Optimization: Lead in configuring and optimizing information systems security, including conducting penetration testing.
- Security Planning and Control Design: Develop security plans and implement controls and testing strategies to maintain robust security measures.
- Incident Management: Manage the information security incident response program to prevent, detect, contain, and remediate security breaches.
- Cyber Risk Management: Use AI-driven technology to proactively identify and mitigate cyber and enterprise risks.
- Patch Management: Ensure timely updates and patching of all information systems.
- IT Infrastructure Optimization: Maintain and enhance the security of the subsidiary IT infrastructure.
- Disaster Recovery: Manage the disaster recovery site and ensure security measures are optimized.
- Log Review and Compliance: Monitor system logs to identify and respond to suspicious activity in accordance with information security standards.
- Policy Adherence: Ensure organizational processes comply with information security policies and standards.
- Development and Acquisition: Integrate information security into systems development and acquisition processes.
- Lifecycle Security Maintenance: Maintain information security throughout system change control and lifecycle processes.
- Contractual Security Compliance: Ensure that outsourced providers, business partners, and third parties adhere to agreed information security controls.
- Threat and Vulnerability Management: Identify potential threats and provide guidance on effective security measures.
- Risk Management: Collaborate with the risk team to conduct risk assessments, gap analyses, and impact analyses to achieve acceptable risk levels.
Additional Duties
- Provide recommendations on physical and technical security controls.
- Advise on disaster recovery procedures to minimize data and system loss.
- Collaborate with vendors, auditors, management, and departments to strengthen information security.
- Offer guidance on security best practices, including risk analysis and control selection.
Qualifications and Experience
- Academic: Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Professional: Certification in one or more of the following: CISM, CISA, CISSP, CCNA, CompTIA Security+, Certified Ethical Hacker.
- Experience: At least 3 years of experience in information systems security administration.
Skills and Competencies
- Excellent interpersonal and communication skills.
- Strong knowledge of network protocols, server architecture, and security software.
- Proficiency in Microsoft and Linux environments, virtualization, backup solutions, and network technologies (WAN, LAN, VOIP, Wireless, VPN).
- Expertise in information security systems including Firewalls (Check Point), IDS, IPS, SIEM, PAM, SOC, SOA, and antivirus.
- Familiarity with database and application connectivity protocols and Microsoft server roles (Domain Controller, DNS, AD, ADFS, DHCP, Azure, Microsoft Exchange, Office 365).