NATIONAL INFORMATION TECHNOLOGY AUTHORITY - UGANDA (NITA-U) REGIONAL COMMUNICATIONS INFRASTRUCTURE PROGRAM (RCIP) INFORMATION SECURITY SPECIALIST


TERMS OF REFERENCE

February 2017

TERMS OF REFERENCE FOR THE INFORMATION SECURITY SPECIALIST UNDER PROJECT P130871: RCIP UGANDA

1.0 Background

The Government of Uganda has secured funding from the International Development Association (IDA) to finance various activities under the Regional Communications Infrastructure Program (RCIP). The RCIP Uganda project will complement existing country ICT and e-government infrastructure initiatives by helping boost the already existing e-government infrastructure and bridge the financing and technical gaps. It is intended that part of the proceeds of this credit will be applied to eligible payments for the services of an Information Security Specialist. The National Information Technology Authority Uganda (NITA-U) is the Implementing Agency for the project. Applications are hereby invited from eligible, suitably qualified and experienced persons for the vacant position of Information Security Specialist.

2.0 Objective of employment

To maintain, support, and integrate the Government of Uganda's security systems and infrastructure. An ideal candidate will have at least one active security certification and current hands-on technical experience in end point and firewall security systems administration, network protocols and architecture, network/application security, IDS/IPS, forensics, encryption, vulnerability and risk analysis, privilege management and authentication.

3.0 Reporting

The Information Security Specialist will functionally report to the Director Information Security or to a designated officer within that directorate.

4.0 Responsibilities and Tasks

The primary responsibility of the Information Security Specialist will be implementing, maintaining and monitoring appropriate security controls for the protection of information assets and digital infrastructure, providing technical response for resolution of incidents, as well as delivering training on lessons learnt. The Information Security Specialist will have the following responsibilities:

a) Configuring, deploying and maintaining information security tools and controls to protect information assets and digital infrastructure;
b) Implementing information security policies and standards;
c) Providing technical support for cyber-related incident investigation and resolution;
d) Monitoring the organization's networks and critical infrastructure for anomalies and breaches;
e) Identifying industry approaches and testing tools for usage on IT systems and platforms;
f) Carrying out vulnerability assessments and penetration tests for networks, IT systems and applications with capacity to propose remediation strategies;
g) Providing technical support to the development of security standards, guidelines, and procedures;
h) Preparing status reports on security matters to guide decision making;
i) Managing the SIEM and the intrusion prevention and detection solutions for the network;
j) Training end users in information security awareness and procedures as per approved standards and policies;
k) Developing periodic performance reports and supporting other IT teams;
l) Implementing and maintaining business continuity and disaster recovery strategies; and
m) Performing any other duties as may be assigned from time to time.

5.0 Qualifications, Competences and Experience

Candidates should have the following qualifications, competencies and experience:

5.1 Qualifications

a) Bachelor's degree in computer science, engineering, information security, information systems, information technology or a related field.
b) Relevant information security certifications preferred, such as CISSP, CISA, CISM, GIAC, GCFE, CEH, etc.

5.2 Experience

a) At least three (3) years of information security experience with particular emphasis on configuration of security solutions such as firewalls, intrusion prevention and detection, vulnerability assessments, penetration testing and IT audits.
b) Demonstrable knowledge of information systems security standards, solutions and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling).
c) Demonstrable strong knowledge of various security threats, system vulnerabilities, threat exploitation methods, and solutions.
d) Knowledge of risks associated with information security testing.
e) Experience and knowledge of security protocols, computer and network forensics, multiple operating systems including Microsoft Windows, Linux and UNIX variants, Apple iOS, Google Android, etc., and knowledge of security vendors and toolkits.
f) Knowledge of network and server infrastructure technologies and devices including firewalls, routers, and switches.
g) Demonstrable knowledge and experience with SIEM, IPS/IDS, vulnerability scanners, malware analysis, penetration testing, and APT methodologies.
h) Demonstrable experience and knowledge necessary to analyze and correlate events across various controls, including web proxy, endpoint protection, SIEM, and firewalls.
i) Knowledge of ISO27001, NIST 800-53 and similar standards will be an added advantage.

6.0 Duration of Assignment

The successful candidate shall be engaged on a three (3) year employment contract, renewable subject to satisfactory performance and business needs.

7.0 Other Required Skills and Competences

a) Communications: Good communication skills (spoken and written), including the ability to communicate effectively with diverse audiences and to prepare a variety of written documents in a clear and concise style.
b) Teamwork: Good interpersonal skills and ability to establish and maintain effective working relations with people in a multi-cultural, multi-ethnic environment with sensitivity and respect for diversity.
c) Integrity: Must be a person of proven honesty who does not tolerate corruption and unethical behaviors in all their forms and manifestations.
d) Innovation: Must be a person with the ability to seek new ways of doing things efficiently to deliver value to our customers.
e) Customer Centricity: Must be a person who strives to satisfy customers and clients. Should be able to understand what the customer wants and deliver it flawlessly.
f) Quality: Must be a person who thinks of quality and continuous improvement in his/her work.

8.0 Application procedure

Interested applicants who meet the job requirements/specifications and with the right personal attributes are invited to complete and submit their application form (which can be downloaded from the NITA-U official website www.nita.go.ug), with a cover letter, supported by curriculum vitae, copies of certificates and testimonials, and must specify day time telephone contact, postal and email addresses of both the applicant and three referees to the address below.

The Executive Director,
National Information Technology Authority UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former Lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: +256 417 801 038

Or via email: rcip@nita.go.ug (application shouldn't be more than 10MB)

Applicants must also submit with their application verifiable evidence supporting previous relevant appointments such as appointment letters and employment contracts.

The deadline for applications is 10th March 2017 (not later than 17.00 hrs. local time). No application will be accepted without a duly completed and signed standard application form (referred to above) and copies of academic documents. All hand delivered applications MUST be stapled.

9.0 Feedback

Only successful candidates will be contacted. Any form of solicitation, influence peddling and/or any other backdoor attempt, of whatsoever nature, to influence the selection process in one's favour, will automatically lead to disqualification of a candidate without any recourse.

EXECUTIVE DIRECTOR