About NITA-U:
The National Information Technology Authority-Uganda (NITA-U) was established as a statutory body under the National Information Technology Authority, Uganda Act, 2009 as one of the key players in the Information and Communications Technology Sector. Its mandated is to coordinate, promote and monitor IT development within the context of national social and economic development, with a vision as “a facilitator of a knowledge-based, globally competitive Uganda where social transformation and economic development is supported through IT enabled services.”
About World Bank RCIP Program:
The Government of Uganda has secured funding from the International Development Association (IDA) to finance various activities under the Regional Communications Infrastructure Program (RCIP). The Regional Communication Infrastructure Program (RCIP) Uganda will complement existing country ICT and e-government Infrastructure initiatives by helping boost the already existing e-government infrastructure and bridge the financing and technical gaps. The project will be implemented by the National Information Technology Authority-Uganda (NITA-U). The beneficiaries will be the Ministry of Information Communications Technology (MoICT) and Public Procurement and Disposal of Public assets Authority (PPDA).
Job Summary: The Information Security Specialist will maintain, support, and integrate Government of Uganda’s security systems and infrastructure. The Information Security Specialist will be implementing, maintaining and monitoring appropriate security controls for the protection of information assets and digital infrastructure, providing technical response for resolution of incidents, as well as delivering training on lessons learnt.
Key Duties and Responsibilities:
In charge of configuring, deploying and maintaining information security tools and controls to protect information assets and digital infrastructure;
The jobholder will be implementing information security policies and standards;
Offering technical support for cyber related incident investigation and resolution;
In charge of monitoring the organizations networks and critical infrastructure for anomalies and breaches;
Preparing status reports on security matters to guide decision making;
Identifying industry approaches and testing tools for usage on IT systems and platforms;
Conducting vulnerability assessments and penetration tests for networks, IT systems and applications with capacity to propose remediation strategies;
Providing technical support to the development of security standards, guidelines, and procedures;
Manage the SIEM, Intrusion Prevention and detection solutions for the network;
Mentoring and training end users in information security awareness and procedures as per approved standards and policies;
Preparing and submitting periodic performance reports and supporting other IT teams;
Implementing and maintaining business continuity and disaster recovery strategies;
Performing any other duties as may be assigned from time to time.
Qualifications, Skills and Experience:
The ideal candidate for the World Bank RCIP Information Security Specialist job vacancy should hold a Bachelor’s Degree in computer science, engineering, information security, information systems, information technology or related field.
Relevant information security certifications preferred such as CISSP, CISA, CISM, GIAC, GCFE, CEH, etc.
A minimum of three years of information security experience with particular emphasis on configuration of security solutions such as firewalls, intrusion prevention and detection, vulnerability assessments, penetration testing and IT audits
The ideal candidate will have at least an active security certifications and current hands-on technical experience in end point, firewall security systems administration, network protocols and architecture, network/application security, IDS/IPS, forensics, encryption, vulnerability and risk analysis, privilege management and authentication.
Extensive knowledge of information systems security standards, solutions and practices (e.g., access control, system hardening, system audit and log file monitoring, security policies, and incident handling).
Demonstrate strong knowledge in various security threats, system vulnerabilities, threat exploitation methods, and solutions.
Broad knowledge in risks associated with information security testing.
Significant exposure and knowledge of security protocols, computer and network forensics, multiple operating systems including Microsoft Windows, Linux and UNIX variants, Apple IOS, Google Android etc. and knowledge of security vendors and toolkits.
Working knowledge of network and server infrastructure technologies and devices including firewalls, routers, and switches.
Demonstrable knowledge and experience with SIEM, IPS/IDS, vulnerability scanner, malware analysis, penetration testing, and APT methodologies.
Proven experience and knowledge necessary to analyze and correlate events across various controls, including web proxy, endpoint protection, SIEM, and firewalls
Knowledge of ISO27001, NIST 800-53 and similar standards will be an added advantage
Personal Competencies:
Communications: Good communication skills (spoken and written), including the ability to communicate effectively with diverse audiences and to prepare a variety of written documents in a clear, and concise style.
Teamwork: Good interpersonal skills and ability to establish and maintain effective working relations with people in a multi-cultural, multi-ethnic environment with sensitivity and respect for diversity.
Integrity: Must be a person of proven honesty and does not tolerate corruption and unethical behaviors in all its forms and manifestations..
Innovation: Must be a person with ability to seek new ways of doing things efficiently to deliver value to our customers.
Customer Centricity: Must be a person who strives to satisfy customers and clients. Should be able to understand what the customer wants and delivering it flawlessly.
Quality: Must be a person who thinks of quality and continuous improvement in his/she our work.
How to Apply:
All candidates who meet the job requirements/specifications and with the right personal attributes are invited to complete and submit their application form, download here, with a cover letter, supported by curriculum vitae, copies of certificates and testimonials, and must specify day time telephone contact, postal and email addresses of both the applicant and three referees, to the address below.
The Executive Director,
National Information Technology
Authority – UGANDA (NITA-U),
Palm Courts, Plot 7A, Rotary Avenue (former Lugogo bypass)
P.O. Box 33151, Kampala-Uganda
Tel: 0417 801 038
Or via email: rcip@nita.go.ug (application must not exceed 10MBs)
Applicants must also submit with their application verifiable evidence supporting previous relevant appointments such as appointment letters and employment contracts.
Deadline: 10th March 2017 by 5:00 PM