The Nairobi Securities Exchange (NSE) is a company licensed by the Capital Markets Authority (CMA) to facilitate the trading of financial products through the provision of a trading platform for listed securities.
In line with this, the NSE is seeking to recruit suitably qualified, dynamic, self-motivated and results-oriented individuals to fill the following position:
Senior Officer, Information Security
Overall Purpose: The role is responsible for planning, development and delivery of a comprehensive information security and privacy program for the NSE.
The purposes of the program include assuring that information created, acquired or maintained by NSE and its authorized users is accessed and used in accordance with its intended purpose; protecting NSE information and its infrastructure from external or internal threats; and assuring that NSE complies with statutory and regulatory requirements regarding information access, security and privacy.
This role serves as a Technical Advisor to the NSE and is process owner on all areas of information systems security.
Key Duties and Responsibilities
- Work with key IT roles, data custodians and relevant stakeholders in the development/enhancement of an Information Security (InfoSec) and infrastructure assurance policy;
- Champion development, enforcement and communication of InfoSec policies, standards and procedures;
- Lead the design and implementation of a layered information security architecture covering perimeter to end point;
- Proactively ensure that the InfoSec architectures at all stages of their life cycle comply with policy and regulatory requirements, and that risks due to disruption of operations, unauthorized modification of data, destruction of computer resources and compromise or loss of information resources are minimized;
- Coordinate the development and delivery of an education and training program on InfoSec and privacy matters for employees and other authorized users so as to ensure compliance;
- Develop and implement an Incident Reporting and Response system to address any security breaches, respond to policy violations or complaints from external parties;
- Lead the implementation and testing of NSE’s recovery and business continuity plan;
- Maintain ongoing knowledge of methodologies and implement best practices in InfoSec management;
- Recommend and champion courses of action and policies that allow NSE to securely meet its organizational goals;
- Develop and implement an ongoing risk assessment program targeting information security and privacy matters, including regular assessment and reporting on risk and information security posture;
- Lead the preparation of RFPs, bid proposals and other documentation related to acquisition of information security infrastructure as well as negotiations with vendors, outsourcers and contractors to secure relevant products and services;
- Conduct research, recommend and enforce InfoSec best practice standards in line with globally accepted information security frameworks; and
- Perform any other duties as may be assigned from time to time.
- Bachelor’s degree in Computer Science, Information Technology or equivalent;
- Minimum four (4) years’ experience in information security, information technology or related field;
- Professional training/certifications in information security;
- Knowledge of the secure design and setup of networks;
- Knowledge of security of relational databases;
- Ability to maintain confidentiality of privileged information and to ensure absolute discretion and sensitivity to confidential matters;
- Hands-on experience in design and deployment of information security architectures;
- Working knowledge of UNIX and Windows operating system environments;
- Working knowledge of and experience in the policy and regulatory environment of information security especially in financial markets;
- Excellent project management, written and oral communication skills;
- Ability to work collaboratively with a broad range of constituencies and diverse groups of people;
- Working knowledge of information security best practice standards; and
- Working knowledge of varied network and information security technologies, such as IDS, SIEM, UTM, endpoint security solutions, etc., will be an added advantage.