Manager Governance Risk and Compliance at Kenya Airways

Brief Description        

• The Technology Manager, Governance, Risk, andCompliance (GRC) will be required to assist the Head of Technology Risk and Security to promote the organizational culture and shared cyber securityownership and information assets protection. She/he will be required tosafeguard Kenya Airways’ (KQ) critical information infrastructure against external aggression from cyber criminals through adherence to security best practice; proactive in data protection, Technology governance, risk managementand compliance to security best practice. The job holder will be proactive on audit follow up and closure for internal, external and vulnerability assessment and penetration testing closure of findings.

Detailed Description        

• Governance Framework Development: Developing and implementing a robust governance framework that outlines the organization's structure, processes, and controls to ensure compliance with applicable laws, regulations, and internal policies. This includes establishing governance policies, standards, and procedures.
• Risk Management:Overseeing the organization's risk management processes, including identifying,assessing, and prioritizing risks. Developing risk mitigation strategies and controls, and monitoring risk levels and trends. This involves working closely with various stakeholders to embed risk management practices into business operations.
• Compliance Management:Ensuring compliance with relevant laws, regulations, and industry standards.Monitoring regulatory developments and updating policies and procedures accordingly.Conducting compliance audits, assessments, and investigations to identify compliance gaps and implementing corrective actions.
• Policy Development and Management: Developing and maintaining a comprehensive set of policies andprocedures that align with regulatory requirements and organizational objectives. Ensuring policies are communicated effectively to employees,monitored for compliance, and updated as needed.
• Training and Awareness:Developing and delivering training programs and awareness campaigns to educate employees on governance, risk management, and compliance matters. Promoting aculture of compliance and ethics throughout the organization.
• Internal Controls:Establishing and monitoring internal control systems to safeguard assets,ensure data integrity, and maintain compliance. Implementing controls to address identified risks and conducting periodic assessments to evaluate their effectiveness.
• Incident and Issue Management: Managing and responding to incidents, breaches, and compliance issues promptly and effectively. Investigating incidents, identifying root causes, and implementing corrective actions to prevent reoccurrence.
• Stakeholder Engagement:Collaborating with internal and external stakeholders, including senior management, business units, auditors, and regulatory bodies. Building relationships, providing guidance on governance and compliance matters, andaddressing stakeholder concerns.
• Reporting and Metrics:Generating and presenting regular reports on governance, risk, and compliance activities to senior management and the board of directors. Developing and tracking key performance indicators (KPIs) and metrics to assess the effectiveness of GRC initiatives and identify areas for improvement.
• Continuous Improvement:Driving a culture of continuous improvement by identifying opportunities to enhance governance, risk management, and compliance processes. Staying abreast of industry trends and emerging best practices and implementing relevant improvements to enhance the organization's GRC capabilities.

Job Requirements        

• Bachelor’s or master’s degree in information technology, Computer Science or equivalent.
• Information security related training or certifications such as CISA, CISSP, GIAC, CISM,CRISC or CEH
• Experience performing information security audits or risk assessments
• 5+ years ofadvanced IT skills with high level of information security experience andexpertise in
• Knowledge of information security risk management frameworks and compliance practices.
• Knowledge of securing network technologies, applications, and operating systems.
• Ability to develop security standards and guidelines based on ISO 27001 best practice and industry standards
• Understanding of common security standards and regulations relating to a higher education environment(e.g., PCI DSS, NIST, ISO27001, GDPR , IOSA, DPAK etc.)
• Capable of enforcing data privacy requirements for the airline IT systems.
• Must be able to assess computer hardware, software, and systems for security risks or violations and work with cyber security engineers and technology vendors to recommend solutions.

Additional Details        

• Able to solve problems quickly and resolve issues
• Managing budgets
• Interacts in both oral and written communications with all levels of departments including in matters related to information security and security awareness materials.
• Ability to effectively present information to clients, public groups, employees,management