Cyber Security Analyst at Bank of Africa Kenya Limited

Responsibilities and Accountabilities. 

Information Security & Risk Management

• Participate in identifying, assessing, and documenting IT/cyber risks.
• Assist in updating and maintaining the IT risk register.
• Track risk treatment plans and follow up with control owners.
• Support vulnerability tracking and assist in coordinating remediation activities.
• Help monitor and log security incidents and ensure timely reporting.

ISO 27001:2022 Implementation Support

• Assist in drafting and updating ISMS documents (policies, procedures, SOPs, risk assessments).
• Help conduct ISMS gap assessments and internal audits.
• Collect, organize, and maintain compliance evidence for ISO controls.
• Assist in tracking corrective and preventive actions (CAPA).
• Conduct periodic reviews to ensure departments maintain ISMS alignment.

PCI DSS Certification Support

• Assist in mapping cardholder data flows and maintaining network diagrams.
• Help prepare and update PCI DSS evidence (screenshots, process documents, change logs).
• Participate in internal readiness assessments and support Qualified Security Assessor (QSA) activities.
• Track remediation tasks for PCI requirements and follow up with IT teams.
• Monitor compliance with ongoing PCI DSS activities (log reviews, vulnerability scans, patching).

Governance, Risk & Compliance (GRC)

• Assist in monitoring compliance with internal IT and security policies.
• Support third‑party risk assessments of IT vendors and service providers.
• Assist in compiling periodic information security and risk reports.

Operational Support

• Maintain organized documentation repositories (ISMS library, SharePoint, etc.).
• Track deadlines, deliverables, and progress for certification projects.
• Assist in convening risk and security meetings, preparing minutes and follow‑up actions.
• Coordinate with teams across IT, operations, business units, and external auditors.

Minimum Requirements; Work Experience, Academic and Professional Qualifications.

• Bachelor’s degree in IT, Information Systems, Computer Science, Cyber Security, or related fields.
• Basic knowledge of information security and risk management concepts.
• Familiarity with ISO 27001 and PCI DSS is an advantage.
• Understanding of networks, servers, operating systems, and databases.
• Ability to analyze logs, configurations, and security events.

Added Advantage Certifications. 

• ISO 27001 Internal Auditor / Implementer
• CompTIA Security+
• ISC2 Certified in Cybersecurity (CC)
• ITIL Foundation
• Beginner‑level GRC or cybersecurity courses