Background information about the job or company (e.g., role context, company overview)

The Higher Education Loans Board, HELB, is the leading financier of higher education in Kenya. It is a State Corporation under the then Ministry of Higher Education, Science and Technology. HELB was established by an Act of Parliament (Cap 213A) in 1995.The mandate of the Board is to disburse loans, bursaries and scholarship to students pursuing higher educa...

Responsibilities or duties

The job holder is responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats and assurance of business recovery strategies through an elaborate Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) Governance Framework.

Qualifications or requirements (e.g., education, skills)

Information Systems Security & Data Protection

• Implementing the ICT strategy to ensure that the long- and short-term ICT plans are aligned to the overall business strategy.
• Implementing and monitoring ICT Work Plans, policies, standard operating procedures and best practices to provide guidance to users.
• Coordinating maintenance of computerized prosecution processes, case management system, network infrastructure administration and upgrading of network systems and desktop environment.
• Supervising compliance with all regulations, procedures, policies and quality standards in the delivery of services.
• Implementing the divisional budget and procurement plans.
• Implementing the ICT disaster management strategies to ensure the network systems, physical environment, data and users are protected against cybercrime, risk exposure, unauthorized access and data loss in line with the Kenya Information and Communication Act and Kenya Cyber Security and Protection Bill.
• Implementing the ICT risk management framework that supports the management of ICT-related risks for the integrity and confidentiality of information.
• Preparing ICT user training programs and materials in liaison with Human Resource Management and Development as well as other relevant authorities.
• Implementing the ICT security infrastructure that is responsive to requirements and upholds best practices.
• Implementing the disaster recovery systems and business continuity plans.
• Preparing quarterly and annual divisional reports and sharing them with management for informed decision-making.
• Ensuring the organization’s handling and collection of personal data of staff, customers, providers or other data subjects complies with applicable data protection rules.
• Supervising performance management in the division.

Experience needed

For appointment to this grade an officer must have:

• Served for a cumulative period of twelve (12) years relevant work experience, three (3) of which must have been at the grade of Principal Information Communication Technology Officer or in a comparable position.

Any other provided details (e.g., benefits, work environment, team info, or additional notes)

Key Skills and Competencies

• Communication skills.
• Experience in configurations of top-tier ERP solutions.
• Proficiency in programming.
• Database querying.
• Data analytics.
• Demonstrated appetite for innovation and disruptive technologies.
• Team player.
• Interpersonal skills.
• Emotional intelligence.
• Data integration, data warehousing, business intelligence, OLAP and data mining, as well as familiarity with ICT standards such as ITIL and COBIT.
• Risk management and reporting.
• Information and network security.
• Experience with Unix, Linux and Windows operating systems.
• Experience with contact center technologies.
• Management course lasting not less than four (4) weeks.

• Implementing the ICT strategy to ensure that the long- and short-term ICT plans are aligned to the overall business strategy.
• Implementing and monitoring ICT Work Plans, policies, standard operating procedures and best practices to provide guidance to users.
• Coordinating maintenance of computerized prosecution processes, case management system, network infrastructure administration and upgrading of network systems and desktop environment.
• Supervising compliance with all regulations, procedures, policies and quality standards in the delivery of services.
• Implementing the divisional budget and procurement plans.
• Implementing the ICT disaster management strategies to ensure the network systems, physical environment, data and users are protected against cybercrime, risk exposure, unauthorized access and data loss in line with the Kenya Information and Communication Act and Kenya Cyber Security and Protection Bill.
• Implementing the ICT risk management framework that supports the management of ICT-related risks for the integrity and confidentiality of information.
• Preparing ICT user training programs and materials in liaison with Human Resource Management and Development as well as other relevant authorities.
• Implementing the ICT security infrastructure that is responsive to requirements and upholds best practices.
• Implementing the disaster recovery systems and business continuity plans.
• Preparing quarterly and annual divisional reports and sharing them with management for informed decision-making.
• Ensuring the organization’s handling and collection of personal data of staff, customers, providers or other data subjects complies with applicable data protection rules.
• Supervising performance management in the division.

• Communication skills.
• Experience in configurations of top-tier ERP solutions.
• Proficiency in programming.
• Database querying.
• Data analytics.
• Demonstrated appetite for innovation and disruptive technologies.
• Team player.
• Interpersonal skills.
• Emotional intelligence.
• Data integration, data warehousing, business intelligence, OLAP and data mining, as well as familiarity with ICT standards such as ITIL and COBIT.
• Risk management and reporting.
• Information and network security.
• Experience with Unix, Linux and Windows operating systems.
• Experience with contact center technologies.
• Management course lasting not less than four (4) weeks.

• Bachelor’s degree in Information Technology, Computer Science, Business IT, Software Engineering, ICT Project Management, Computer Engineering or any other equivalent qualification from a recognized institution.
• Master’s Degree in Information Technology, Computer Science, Business Information Technology, Software Engineering, Project Management, Business Administration, Data Science, Computer Engineering or any other equivalent qualification from a recognized institution.
• Leadership course lasting not less than four (4) weeks from a recognized institution.
• Professional qualification in any two of the following: CISA, CISM, CRISM, CEH, CISSP, MCSE, MCITP, CCNA, Project Management Certification, SSCP, CompTIA Security+, OSCP or VOIP.
• Membership of a relevant professional body and in good standing where applicable.
• A valid practicing certificate where applicable.
• Shown merit and ability as reflected in work performance and results.