Role: Information Security Analyst
Location: Nairobi, Kenya – Full time
Pay range: KES 70,000 – KES 90,000 gross
About Savannah Informatics
Savannah Informatics is a Kenyan e-health software company founded by clinicians and finance specialists to deliver interoperable, connected solutions for healthcare facilities, organizations, and regions.
Our vision is to enable a better healthcare future for Kenya through the pioneering use of information technology and knowledge creation.
We are a company with great ideas and employees. Working across various customer sites, our work epitomizes the future we foresee in the East African health sector: efficiency, higher value, better quality, and outcomes for patients and other consumers of health.
Our customers partner with Savannah in delivering challenging projects, thus believing in the capabilities of our employees.
The Savannah team is made up of medical doctors, project managers, and software engineers, who have a common aspiration of transforming the region’s health care.
If you share our motivation, vision, and aspirations, check out the careers page of our corporate website.
Job Description
As an Information Security Analyst, you will be responsible for safeguarding Savannah Informatics’ digital assets and ensuring the confidentiality, integrity, and availability of information across the organization.
You will play a key role in identifying security threats, developing strategies to mitigate risks, and working closely with cross-functional teams to ensure our systems meet industry standards and regulatory requirements for healthcare information security.
If you’re detail-oriented, have a passion for cybersecurity, and are eager to make an impact on the healthcare technology landscape in East Africa, we’d like to hear from you!
Responsibilities
- Conduct regular assessments to identify security vulnerabilities, risks, and threats to the organization’s information systems and assets.
- Implement and maintain monitoring tools to detect and respond to security incidents in real-time, ensuring timely and effective response to threats.
- Develop, review, and enforce security policies, guidelines, and procedures to safeguard sensitive data and comply with healthcare regulations.
- Lead or assist in investigating security breaches, conducting root cause analyses, and implementing corrective actions to prevent future occurrences.
- Conduct ongoing training for employees on security best practices, phishing attacks, password hygiene, and other information security topics.
- Identify and manage vulnerabilities in systems, applications, and networks by applying patches and updates and collaborating with IT and development teams.
- Ensure the organization’s security policies and practices comply with relevant regulatory frameworks, such as HIPAA, GDPR, and local data protection laws.
- Prepare for and support external audits by providing evidence of compliance with security standards and frameworks.
- Implement and maintain encryption standards, firewalls, and access control mechanisms to protect data.
- Stay informed on the latest cybersecurity threats, trends, and best practices, recommending solutions and preventive measures.
Requirements
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- Exceptional academic track record from both high school and university
- Proven experience in information security, cybersecurity, or a related field.
- Knowledge of security standards and frameworks such as ISO 27001.
- Familiarity with security tools and technologies, including firewalls, intrusion detection/prevention systems (IDPS), encryption protocols, and endpoint protection.
- Experience with vulnerability management tools and SIEM solutions .
- Strong understanding of networking protocols, operating systems, and database security principles.
- Ability to assess risks, identify security vulnerabilities, and recommend mitigation strategies.
- Excellent problem-solving skills with a strong attention to detail.
- Ability to work independently and collaboratively with cross-functional teams.
- Certifications related to the role are a plus but not required.
- Experience in healthcare or e-Health security is a plus.
Benefits
- Great mission and company culture
- Impact work across the Healthcare sector
- Growth Opportunities
- Market Competitive Salary
- Health and Medical benefits package