Save the Children International
Job Title: Information Security Engineer
Team / Programme: IT
Location: Nairobi, Kenya
Contract Length: National (2 Years)
Child Safeguarding: Level 3 – the post holder may have access to personal data about children and/or young people as part of their work; therefore a police check will be required (at ‘standard’ level in the UK or equivalent in other countries)
Role Purpose: This role is based out of the Nairobi technology hub and will primarily focus on delivering network and application security compliance globally within SCI and where required support participating member organisation to achieve the same.
This will include on-going security assessments as well as implementation of agreed actions and activities in response to identified IT security risks.
Dimensions: Save the Children has been operational in Kenya since the 1950s, providing support to children through developmental and humanitarian relief programmes delivered both directly and through local partners.
Current programming focuses on child protection, child rights governance, education, health, HIV/AIDS, livelihoods, nutrition and WASH.
In 2012, as part of a global reorganization process, Save the Children combined the programmes of SC UK, SC Canada and SC Finland to create a single operation in Kenya.
In Feb 2014, we completed a second transition, which saw us join forces with the British INGO, Merlin, and merge their health and nutrition programmes with our own.
Save the Children now has an operational presence in Bungoma, Dadaab Refugee Camp, Garissa, Mandera, Turkana and Wajir and we work through partners in many other parts of the country.
In 2016, Save the Children established a new project office in Madagascar whose operations are managed by the Kenya CO.
In total, we employ around 250 staff in both countries and had an operating annual budget in 2016 of approximately US$17.5million
Scope of Role:
Reports to: Head of Global Information Security (London)
Indirect: Head of Technology Hub (Nairobi)
Staff directly reporting to this post: None – dotted line linkage to IT Security focal points across 50+ country offices
Budget responsibilities: None
Key Areas of Accountability:
- Lead accountability, on behalf of the Head of Global Information Security, for network and application security within Save the Children International.
- Develop and manage processes for preventing, detecting, analysing, and responding to information security incidents.
- Identify, define and maintain systems security requirements (standard operating procedures & protocols).
- Engineer and implement security solutions for protection of computer systems, networks and information including use of open source solutions for network access control, vulnerability scanning, secure configuration management, audit logs monitoring, IDS events & logs analysis and security incident management.
- Proactively research and develop technical solutions/security tools to help mitigate security vulnerabilities and automate repeatable tasks.
- Collaborate with IT Shared Services and IT Architecture & Innovation teams to ensure systems, applications and networks are secure by design.
- Conduct compliance reviews and provide comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement.
- Assess network, server, and application logs to determine trends and identify security incidents.
- Analyse and make recommendations to improve network, system, and application architecture.
- Coordinate and participate in IT audits, with a focus on information security when required.
- Assist in the review and update of information security policies, procedures and standards.
- Assist internal and external stakeholders including auditors, when required, with information security questionnaires, audits, reviews, investigations, etc.
Skills and Behaviours (our Values in Practice)
- Delivering Results: Takes personal responsibility and holds others to account to deliver our ambitious goals for children, continually improving own performance or that of the team/organisation.
- Developing Self and Others: Invests time and energy to actively develop self and others to help realise their full potential, and to build the organisation’s capability for the future.
- Leading and Inspiring Others: Demonstrates leadership in all our work, role models our values and articulates a compelling vision to inspire others to achieve goals for our children.
- Problem Solving and Decision Making: Takes effective, considered and timely decisions by gathering and evaluating relevant information from within or outside the organisation and making appropriate judgements.
- Applying Technical Expertise: Applies the required technical and professional expertise to the highest standards, promotes and shares best practices within and outside the organisation.
- Innovating and Adapting: Develops and implements innovative solutions to adapt and succeed in an ever – changing, uncertain work and global environment.
- Working Effectively with others: Works collaboratively to achieve shared goals, and thrives on diversity of people and perspectives. Knows when to lead, when to follow, and how to ensure effective cross- boundary working.
- Communicating with Impact: Communicates clearly and confidently with others to engage and Influence, Promotes dialogue and ensures timely and appropriate messages, building confidence and trust with others.
- Networking: Builds and uses sustainable relationships and networks to support the work of Save the Children.
Candidates will be evaluated primarily upon their ability to demonstrate the competencies required to be successful in the role, as described in key areas of accountability above.
For reference, the typical work experience and educational background of candidates in this role are as follows:
- BS or MA in Computer Science, Information Security, or a related field
- 5+ years of experience in information security, especially in a security engineering/analyst role
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
Experience & Skills
- Proven work experience as a system/information security engineer or analyst and in building and maintaining information security systems.
- Thorough understanding of the latest security principles, techniques, and protocols.
- Detailed technical knowledge of database and operating system security.
- Strong knowledge of common vulnerabilities and exploitation techniques.
- Hands on experience in security systems, including VPN, Firewall, network monitoring, IDS/IPS, anti-malware, content filtering, authentication systems, logs management, web server security, wireless security, etc.
- Experience working with networking technologies, network security and network monitoring tools.
- Experience working with open source solutions to include NAC, vulnerability scanning, SIEM etc.
- Experience of assessing IT security risks and designing practical and cost effective plans to mitigate them.
- Experience of working with distributed IT infrastructure, networking and application environment.
- Capacity to build and maintain excellent relations and to work effectively in a multicultural and multi-ethnic environment respecting diversity.
- Strong personal, organisational and self-management skills.
- Strong communication skills, in English.
- Ability to understand organizational mission, values, and goals and consistent application of this knowledge.
- Commitment to Save the Children values.
- Proficiency with at least one of the scripting language (e.g.: Perl, Python, PowerShell)
- Experience of ‘field operations’ and the IT Security-related issues associated with working in remote, inhospitable and insecure environments
- Strong understanding of/willingness to learn key trends in international and humanitarian development and how technology can and is being utilised to support these developments
- Highly developed cultural awareness and ability to work well in an international environment with people from diverse backgrounds and cultures
- A second language preferably French, Spanish, Portuguese or Arabic.
The duties and responsibilities as set out above are not exhaustive and the role holder may be required to carry out additional responsibilities within reasonableness of their level of skills and experience.
Equal Opportunities: The role holder is required to carry out duties in accordance with the SCI Equal Opportunities and Diversity policies and procedures.
Health and Safety: The role holder is required to carry out the duties in accordance with SCI Health and Safety policies and procedures.
How to Apply
The application process is now open and will close on Monday, 13th March 2017.
To apply for these positions visit the SCI Kenya Website: https://kenya.savethechildren.net/jobs.
The system allows CVs & Cover letter as One(1) document.
Applications will be reviewed on a rolling basis.
Save the Children International does not charge any kind of fee at whichever stage of the recruitment process and does not act through recruitment agent.