Officer - Policy & IT Risk Management - 3 Positions at Kenya Revenue Authority (KRA)

Job Summary:                 

 The jobholder is responsible for supporting the implementation of Information Security management System based on ISO27001 and best practice.

• Key Responsibilities: Implement Information Security Management System based on the ISO/IEC 27001 series standards, including preparation for certification against ISO/IEC 27001
• Perform gap analysis of information security standards such as ISO 27001 and create compliance reports for information security standards such as ISO 27001
• Develop/review IS policies, standards, procedures and guidelines, in liaison with the stakeholder to obtain appropriate approvals and feedback for implementation.
• Compliance monitoring and improvement activities to ensure adherence to internal security policies, procedure, standards and applicable laws and regulations
• Support departments to manage implementation of information security management system.
• Prepare materials and conduct Information security awareness, training and educational activities to stakeholders.
• Manages information security risk assessments and controls selection activities
• Perform testing of internal controls specified in Information Security Policies and Perform internal audit reviews to assess the effectiveness of current information security controls
• Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
• Support the Information Security program including development, collection, assessment, and reporting of metrics
• Recommend security policy changes and enhancements as needed
• Conduct mock ISO Audits and, report on departments’ preparedness for final audit and certification
• Support ISO 27001- audit and certification activities Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

Academic Qualifications

A Bachelor’s degree in Computer Science or related field from a recognized institution.

Professional Qualifications 

Must have at least one of the following security certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRISP,

Relevant Work Experience  

At least one (1) year related IT security work experience in a large or busy organization.

Technical Skills Required:

• Experience in Information Security Management System
• Experience in development of policies and procedures
• Knowledge in Information security risk management
• Experience in Information security awareness development and training
• Experience in cyber security threat Analysis or incident management

Key Competencies:

• Excellent stakeholder engagement skills
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time