The IT Security Officer shall be responsible for both internal and external security hardening of systems, designing, identifying, implementing and enforcing modern security-based technologies, policies and procedures that protect The Nairobi Hospital’s entire ICT infrastructure, data, information, and applications from all forms of security vulnerabilities.
Key duties and responsibilities
a) Network and information security administration
1) Performing network intrusion detection and prevention, vulnerability scanning, and monitoring.
2) Administering the centralized enterprise antivirus solution and client operating system updates and configuration.
3) Performing regular vulnerability scans to find any flaws for mitigation. Administering automated security patching solutions with up-to-date security updates and hotfixes.
4) Performing day-to-day operations and maintenance of both on-premises and cloud data center solutions.
b) Network Security Risk Assessment for Mitigation
1) Performing daily health checks on systems and continuously monitoring access to network services and devices.
2) Ensuring that security changes and improvement actions are evaluated, validated, and enforced according to The Nairobi Hospital policies and procedures.
3) Collecting and maintaining security-related data needed for purposes of monitoring trends.
4) Tracking security audit findings, assessments and recommendations for appropriate mitigation.
5) Mitigating any existing or potential security threats.
6) Creating management reports on security trends and status.
c) System Security Risk Assessment, Monitoring for Optimization
1) Securing and optimizing remote sites' network and communication technologies.
2) Monitoring network performance, and reporting and troubleshooting outages resulting from security breaches and other factors.
3) Recommending resource requirements for cybersecurity operations.
4) Participating in security risk assessments.
5) Identifying and mitigating vulnerabilities targeting The Nairobi Hospital network and providing timely mitigating measures.
6) Developing and implementing a comprehensive plan to secure the ICT network.
7) Proactively monitoring systems usage to ensure compliance with security policies.
d) Technical Support, Troubleshooting and Capacity Building
1) Keeping up to date with emerging security trends and developments in ICT security standards and threats.
2) Documenting any security vulnerabilities and assessing the extent of breaches.
3) Transferring knowledge of security skills, guides, standard operating procedures and best practices for information security to staff, including non-technical audiences.
4) Preparing and distributing important security alerts or advisories to colleagues and general staff.
5) Working with external IT vendors