Job Description
SYSTEMS SECURITY OFFICER (SSO) – 1 position
Job Summary
Reporting to the Manager – Information Systems Operations, the job holder will be responsible for
monitoring and protecting an organization's ICT systems, networks, and databases from cyber threats,
preventing and mitigating security breaches that may arise from vulnerabilities and supporting
investigation of security breaches and incidence response, and perform security impact analysis in the
change process.
Summary of Responsibilities
1. Network Administration
2. Systems administration
3. ERP Administration
4. Identity and Access management (IAM)
5. Application security
6. Security application monitoring and update
7. Security awareness training
8. Systems Security & Change Management
Key Roles and responsibilities
1. Maintain access rules to ICT systems and resources including applications and data and ensuring
appropriate access control procedures are adhered to meet defined security standards while
maintaining supporting documentation
2. Implementing system security, including building firewalls, managing host security, file
permissions, backup and disaster recovery plans, file system integrity, access control, anti-virus
protection;
3. Assist in performing network management functions including network: user administration;
resource management; configuration management; performance management and maintenance;
4. Assist in Administrating and appropriately allocating ICT resources for server farms and all other
hardware and software resources shared on the network
5. Implementing current and appropriate ICT frameworks and standards to allow for a scalable,
highly-available, and robust network and applications;
6. Monitoring and providing periodic reporting on the overall state and performance of the:
LAN/WAN security; network, server(s), applications and other network resource utilization;
7. Manages and monitors IT physical layer infrastructure (Power, AC, servers, Wireless/LAN, WAN
networks, CCTV, Access control, firewalls and other network equipment) and ensures highest
performance and reliability and availability.
8. Be involved in the establishment of mechanisms for information and cyber security incident
response management including monitoring, detecting, remediating and fully investigating
security breaches.
9. Proactively monitor current and emerging information and cybersecurity risks and changes to laws
and regulations that may present new business risks.
10. Design, recommend and carry out Information and Cyber Security awareness and training
campaigns for all Sacco stakeholders/constituents towards creating a culture of consciousness
about information and cyber security risks.
11. Ensure development and maintenance of strategic contingency plans (IRP, DRP &BCP) that ensure
systems’ resilience to support ongoing Sacco operations.
12. Ensure compliance with the approved policy, best practice, security requirements and set
minimum baseline standards.
13. Assess external partners such as vendors' and contractors’ procedures, processes
14. and security controls to ensure they adequately protect the organization’s business information
and transactions
15. Keeping abreast with emerging trends in ICT security;
16. Preparing weekly & monthly performance reports;
17. Creating and Maintaining systems documentation and procedures;
18. Assist in implementing and reviewing the ICT application policies, procedures, strategies,
standards and guidelines
19. Assist in timely preparation of ICT reports to the management and the board
20. Any other duties as may be identified by the ICT Manager via the Chief executive Officer
Qualifications
For appointment to this position, the officer must: -
1. Have Bachelor’s degree or its equivalent from recognized institution in any of the following
disciplines: Computer Science, Information Technology, Business Information or any other related
field with relevant IT Security professional qualifications i.e. CISSP, CISA/CISM/CEH etc.
2. At least 3 years’ experience in Security/Network administration with strong technical knowledge
of database, network and operating systems security in a busy ICT environment preferably a
financial institution
3. At least three years’ experience in development/ implementation/support of Microsoft Dynamics
Nav/Dynamics 365 Business Central
4. Comprehensive knowledge of ICT Security, Hardware, Software and Networking skills
5. Knowledge of various security methodologies and processes and technical security solutions
(firewall and intrusion detection systems, SIEMS etc.).
6. Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
7. Working knowledge and experience in penetration testing and vulnerability assessments.
8. Knowledge of common cybersecurity threats and sources of cybersecurity information.
9. Good understanding and knowledge of risk assessment, risk procedures, security
10. assessment, vulnerability management, penetration testing
11. Have demonstrated professional competence and capability in work performance and results.
12. Be a member of a relevant professional body; and
Personal Attributes required for this role:
1. Ability to work independently with minimum supervision
2. Team player with good inter-personal skills 3. Drive for results and
achievement 4. Analytical skills.
5. Decision making and problem-solving skills.
6. Innovation and creativity.
7. Project management skills.
8. Communication skills.
9. Ability to work to long hours
10. Versatile and Ability to multitask