NATIONAL INFORMATION TECHNOLOGY AUTHORITY - UGANDA (NITA-U) REGIONAL COMMUNICATIONS INFRASTRUCTURE PROGRAM (RCIP) INFORMATION SECURITY SPECIALIST TERMS OF REFERENCE February 2017 1
TERMS OF REFERENCE FOR THE INFORMATION SECURITY SPECIALIST UNDER PROJECT P130871: RCIP UGANDA 1.0 Background The Government of Uganda has secured funding from the International Development Association (IDA) to finance various activities under the Regional Communications Infrastructure Program (RCIP). The RCIP Uganda project will complement existing country ICT and e-government Infrastructure initiatives by helping boost the already existing e-government infrastructure and bridge the financing and technical gaps. It is intended that part of the proceeds of this credit will be applied to eligible payments for the services of an Information Security Specialist. The National Information Technology Authority Uganda (NITA-U) is the Implementing Agency for the project. Applications are hereby invited from eligible, suitably qualified and experienced persons for the vacant position of Information Security Specialist. 2.0 Objective of employment To maintain, support, and integrate Government of Uganda s security systems and infrastructure. An ideal candidate will have at least an active security certifications and current hands-on technical experience in end point, firewall security systems administration, network protocols and architecture, network/application security, IDS/IPS, forensics, encryption, vulnerability and risk analysis, privilege management and authentication. 3.0 Reporting The Information Security Specialist will functionally report to the Director Information Security or to a designated officer within that directorate. 2
4.0 Responsibilities and Tasks The primary responsibility of the Information Security Specialist will be implementing, maintaining and monitoring appropriate security controls for the protection of information assets and digital infrastructure, providing technical response for resolution of incidents, as well as delivering training on lessons learnt. The Information Security Specialist will have the following responsibilities: a) Configuring, deploying and maintaining information security tools and controls to protect information assets and digital infrastructure; b) Implementing information security policies and standards; c) Providing technical support for cyber related incident investigation and resolution; d) Monitoring the organizations networks and critical infrastructure for anomalies and breaches; e) Identifying industry approaches and testing tools for usage on IT systems and platforms; f) Carrying out vulnerability assessments and penetration tests for networks, IT systems and applications with capacity to propose remediation strategies; g) Providing technical support to the development of security standards, guidelines, and procedures; h) Preparing status reports on security matters to guide decision making; i) Manage the SIEM, Intrusion Prevention and detection solutions for the network; j) Training end users in information security awareness and procedures as per approved standards and policies; k) Developing periodic performance reports and supporting other IT teams; l) Implementing and maintaining business continuity and disaster recovery strategies; and m) Performing any other duties as may be assigned from time to time. 3
5.0 Qualifications, Competences and Experience Candidates should have the following qualifications, competencies and experience: 5.1 Qualifications a) Bachelor degree in computer science, engineering, information security, information systems, information technology or related field. b) Relevant information security certifications preferred such as CISSP, CISA, CISM, GIAC, GCFE, CEH, etc. 5.2 Experience a) At least three (3) years of information security experience with particular emphasis on configuration of security solutions such as firewalls, intrusion prevention and detection, vulnerability assessments, penetration testing and IT audits b) Demonstrable knowledge of information systems security standards, solutions and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling). c) Demonstrate strong knowledge in various security threats, system vulnerabilities, threat exploitation methods, and solutions. d) Knowledge in risks associated with information security testing. e) Experience and knowledge of security protocols, computer and network forensics, multiple operating systems including Microsoft Windows, Linux and UNIX variants, Apple IOS, Google Android etc. and knowledge of security vendors and toolkits. f) Knowledge of network and server infrastructure technologies and devices including firewalls, routers, and switches. g) Demonstrable knowledge and experience with SIEM, IPS/IDS, vulnerability scanner, malware analysis, penetration testing, and APT methodologies. 4
h) Demonstrable experience and knowledge necessary to analyze and correlate events across various controls, including web proxy, endpoint protection, SIEM, and firewalls i) Knowledge of ISO27001, NIST 800-53 and similar standards will be an added advantage 6.0 Duration of Assignment The successful candidate shall be engaged on a three (3) year employment contract, renewable subject to satisfactory performance and business needs. 7.0 Other Required Skills and Competences a) Communications: Good communication skills (spoken and written), including the ability to communicate effectively with diverse audiences and to prepare a variety of written documents in a clear, and concise style. b) Teamwork: Good interpersonal skills and ability to establish and maintain effective working relations with people in a multi-cultural, multi-ethnic environment with sensitivity and respect for diversity. c) Integrity: Must be a person of proven honesty and does not tolerate corruption and unethical behaviors in all its forms and manifestations.. d) Innovation: Must be a person with ability to seek new ways of doing things efficiently to deliver value to our customers. e) Customer Centricity: Must be a person who strives to satisfy customers and clients. Should be able to understand what the customer wants and delivering it flawlessly. f) Quality: Must be a person who thinks of quality and continuous improvement in his/she our work.. 8.0 Application procedure: Interested applicants who meet the job requirements/specifications and with the right personal attributes are invited to complete and submit their application form (which can be down loaded from the NITA-U official website www.nita.go.ug), with a cover letter, supported by curriculum vitae, copies of certificates and testimonials, and must specify day time telephone contact, 5
postal and email addresses of both the applicant and three referees to the address below. The Executive Director, National Information Technology Authority UGANDA (NITA-U), Palm Courts, Plot 7A, Rotary Avenue (former Lugogo bypass) P.O. Box 33151, Kampala-Uganda Tel: +256 417 801 038 Or via email: rcip@nita.go.ug (application shouldn t be more than 10MB) Applicants must also submit with their application verifiable evidence supporting previous relevant appointments such as appointment letters and employment contracts. The deadline for applications is 10th March 2017 (Not later than 17.00 hrs. local time). No application will be accepted without a duly completed and signed standard application form (referred to above) and copies of academic documents. All hand delivered applications MUST be stapled. 9.0 Feedback Only successful candidates will be contacted. Any form of solicitation, influence peddling and or any other backdoor attempt, of whatsoever nature, to influence the selection process in ones favour, will automatically lead to disqualification of a candidate without any recourse. EXECUTIVE DIRECTOR 6