Background information about the job or company (e.g., role context, company overview)

The Kenya Mortgage Refinance Company (KMRC) was established as a key institution to support the Affordable Housing Pillar of the Government's Big 4 Agenda.

Purpose of the Job

Responsible for managing the ICT infrastructure to ensure the stability, security, and efficiency of the companys IT environment. This role ensures that all IT systems, including networks, servers, and hardware, are functioning optimally, which is essential for supporting daily operations and strategic initiatives. Responsible with keeping up with the increasing complexity of IT infrastructure and the growing threat of cyber-attacks and deploying safeguards to these systems minimizing downtime, enhancing performance, and protecting sensitive data.

Responsibilities or duties

Duties and Responsibilities

• Conduct regular risk assessments to the ICT infrastructure
• Develop and deliver the companys Cyber Security strategy and drive strong operational capabilities to protect the company.
• Design, implement and manage sound Security controls and ensure all risks are effectively managed or mitigated and processes optimised for maximum efficiency.
• Obtain and maintain operational excellence within the business, achieving, maintaining and promoting relevant ISO standards and industry best practice for cyber security and infrastructure management.
• Implement, monitor, and manage security aspects for the IT network, infrastructure and applications
• Ensure adequate budget, resource and management focus on cyber security risks and mitigation
• Budget planning for Cyber Security activities, products and solutions
• Effectively manage risk operational requirements for company in terms of Cyber Security and network infrastructure.
• Collaborate with vendors and service providers to procure Networking, Hardware and Security solutions
• Prepare and present ICT periodic reports to the management.
• Formulating and analysing ICT policies, processes, procedures and ensuring compliance.
• Monitoring LAN/WAN and company firewalls.
• Install, configure and upgrade network, hardware and security infrastructure.
• Coordinate activities geared towards troubleshooting and remediating cybersecurity incidents.
• Participate in project meetings and contribute to design reviews from high level application architecture to configuration of OS, Network, security parameters to meet security goals
• Document and review changes, operationalizing and troubleshooting of cyber security platforms and procedures
• Coordinating the development and implementation of departmental work plans; budgets and timely reports
• Implementation of Infrastructure related audit recommendations
• Perform any other duties as may be assigned from time to time.

Key Result Areas:

The jobholders accountability areas are outlined as follows:

• Conduct regular risk assessments, design, implement, and manage security controls to mitigate risks and optimize processes.
• Achieve and maintain relevant standards and industry best practices.
• Formulate and analyze ICT policies, ensuring compliance.
• Implement, monitor, and manage security aspects for IT networks, infrastructure, and applications.
• Monitor LAN/WAN and company firewalls, and coordinate cybersecurity incident responses.
• Ensure adequate budget and resources for cyber security risks and mitigation.
• Collaborate with vendors and service providers to procure networking, hardware, and security solutions.
• Participate in project meetings and contribute to design reviews.
• Prepare and present ICT periodic reports to management.

Qualifications or requirements (e.g., education, skills)

Knowledge and Skills Required:

The jobholder must possess:

• A bachelors degree in electrical engineering, Computer Science, Technology management or related fields.
• One Professional information security qualifications such as CISSP, CISM, CISA and CCNA
• Being a member of an ICT professional body is an added advantage.
• Understanding of network and systems architecture, platform security, network security, application security, data security, cloud security, database security, user access management and embedded device security.
• Strong problem-solving and analytical skills, with the ability to diagnose and resolve complex ICT incidences efficiently
• Excellent communication and interpersonal abilities, with the capacity to convey technical concepts to non-technical users.
• Ability to work independently and collaboratively in a fast-paced, dynamic environment, managing multiple priorities and deadlines effectively.
• Should be analytical and be result oriented.
• Must have high standards of integrity and ethical practice.
• Must be capable of functioning effectively both as a team player and a team leader.
• Must have ability to accurately plan work assignments, prioritize tasks and deliver deadlines.

Experience needed

A minimum of 2 years of working experience in a similar role.

• Conduct regular risk assessments to the ICT infrastructure
• Develop and deliver the companys Cyber Security strategy and drive strong operational capabilities to protect the company.
• Design, implement and manage sound Security controls and ensure all risks are effectively managed or mitigated and processes optimised for maximum efficiency.
• Obtain and maintain operational excellence within the business, achieving, maintaining and promoting relevant ISO standards and industry best practice for cyber security and infrastructure management.
• Implement, monitor, and manage security aspects for the IT network, infrastructure and applications
• Ensure adequate budget, resource and management focus on cyber security risks and mitigation
• Budget planning for Cyber Security activities, products and solutions
• Effectively manage risk operational requirements for company in terms of Cyber Security and network infrastructure.
• Collaborate with vendors and service providers to procure Networking, Hardware and Security solutions
• Prepare and present ICT periodic reports to the management.
• Formulating and analysing ICT policies, processes, procedures and ensuring compliance.
• Monitoring LAN/WAN and company firewalls.
• Install, configure and upgrade network, hardware and security infrastructure.
• Coordinate activities geared towards troubleshooting and remediating cybersecurity incidents.
• Participate in project meetings and contribute to design reviews from high level application architecture to configuration of OS, Network, security parameters to meet security goals
• Document and review changes, operationalizing and troubleshooting of cyber security platforms and procedures
• Coordinating the development and implementation of departmental work plans; budgets and timely reports
• Implementation of Infrastructure related audit recommendations
• Perform any other duties as may be assigned from time to time.

• Understanding of network and systems architecture, platform security, network security, application security, data security, cloud security, database security, user access management and embedded device security.
• Strong problem-solving and analytical skills, with the ability to diagnose and resolve complex ICT incidences efficiently
• Excellent communication and interpersonal abilities, with the capacity to convey technical concepts to non-technical users.
• Ability to work independently and collaboratively in a fast-paced, dynamic environment, managing multiple priorities and deadlines effectively.
• Should be analytical and be result oriented.
• Must have high standards of integrity and ethical practice.
• Must be capable of functioning effectively both as a team player and a team leader.
• Must have ability to accurately plan work assignments, prioritize tasks and deliver deadlines.

• A bachelors degree in electrical engineering, Computer Science, Technology management or related fields.
• One Professional information security qualifications such as CISSP, CISM, CISA and CCNA
• Being a member of an ICT professional body is an added advantage.