Jobs at Kenya Revenue Authority (KRA)

Job Summary:                 

 The jobholder is responsible for supporting the implementation of Information Security management System based on ISO27001 and best practice.

Key Responsibilities:

• Implement Information Security Management System based on the ISO/IEC 27001 series standards, including preparation for certification against ISO/IEC 27001
• Perform gap analysis of information security standards such as ISO 27001 and create compliance reports for information security standards such as ISO 27001
• Develop/review IS policies, standards, procedures and guidelines, in liaison with the stakeholder to obtain appropriate approvals and feedback for implementation.
• Compliance monitoring and improvement activities to ensure adherence to internal security policies, procedure, standards and applicable laws and regulations
• Support departments to manage implementation of information security management system.
• Prepare materials and conduct Information security awareness, training and educational activities to stakeholders.
• Manages information security risk assessments and controls selection activities
• Perform testing of internal controls specified in Information Security Policies and Perform internal audit reviews to assess the effectiveness of current information security controls
• Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
• Support the Information Security program including development, collection, assessment, and reporting of metrics
• Recommend security policy changes and enhancements as needed
• Conduct mock ISO Audits and, report on departments’ preparedness for final audit and certification
• Support ISO 27001- audit and certification activities Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

Academic Qualifications

• A Bachelor’s degree in Computer Science or related field from a recognized institution.

Professional Qualifications 

• Must have at least one of the following security certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRISP,

Relevant Work Experience  

• At least one (1) year related IT security work experience in a large or busy organization.

Technical Skills Required:

• Experience in Information Security Management System
• Experience in development of policies and procedures
• Knowledge in Information security risk management
• Experience in Information security awareness development and training
• Experience in cyber security threat Analysis or incident management

Key Competencies:

• Excellent stakeholder engagement skills
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time

go to method of application »

Job Summary:     

The job holder is responsible for carrying out cyber security monitoring of the Authority’s IT infrastructure and business systems for malicious activity and/or active threats. The role also involves responding to security incidents including containment, eradication and recovery in the 24/7 Security Operations Centre (SOC).

Key Responsibilities:

• Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms in order to identify and mitigate potential (or active) threats, intrusions, and/or compromises in the 24/7 SOC.
• Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and distinguish these incidents and events from benign activities.
• Identify cyber-attacks targeted to the KRA network and systems, advise and block cyber attacks
• Triage and investigate active threats, security breaches and other cyber security incidents.
• Perform deep-dive incident analysis by correlating data from various sources. Generate/Review event analysis reports of incident investigations
• Escalates cyber security events according to the Authority’s Cyber Security Incident Response Plan
• Monitor and gather threat intelligence from the deep web and dark web for potential threats and incidents, and analyze such threats and risks and recommend appropriate mitigating measures.
• Ensure conformity to ISO (9001/2015 and 27001/2013) and data security requirements.

Academic Qualifications

• Bachelor’s degree in Computer Science or IT related field.

Professional Qualification     

• Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification, or incidents response

Relevant Work Experience  

• At least one (1) year related IT security work experience in a large or busy organization.

Technical Skills Required

• Experience in cyber security threat Analysis
• Experience in incident management
• Experience in digital forensics and malware analysis
• Experience in security tests or vulnerability management
• Penetration testing skills
• Research skills
• Experience in cyber security operations(SOC/CIRT)

Key Competencies:

• Ability to work long hours including night shifts
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time

go to method of application »

Job Summary:

The jobholder is responsible for coordinating resolution of service requests and incidents through 2nd line Service Support team. 

Key Responsibilities:

Operational Responsibilities / Tasks:

• Analyzes service requests and incidents on weekly or monthly basis to improve quality of work done and to check compliance with Service Level Agreements (SLAs) for all work tickets
• Produce reports to show the number, categories, sources, elapsed time on a daily and weekly basis for service requests handled by 1st line support.
• Carry out trend analysis; classify service requests and incidents by identifying type and category for service requests handled by 1st line support.
• Act as an escalation point where difficult or controversial calls are received.
• Escalates systems disruptions and resumptions through SMS report to Business contacts and ICT Top Managers.
• Develop monthly management reports and submit to Manager, ICT for further action.
• Providing 2nd level support to service requests
• Prepare work schedules for 1st Line Support team.
• Generate reports to show periodic Work Tickets and their resolution status.
• Set performance targets for staff in their respective and ensure their achievements.
• Act as interpersonal relationship between 1st line and 2nd & 3rd line support teams.
• Analyzes data from the call Centre system regularly in order to improve quality of user contact.
• Carries out trend analysis for service requests and incidents.
• Carries out coaching/training sessions with the ICT Service Desk agents targeted at improving performance.
• Provide user sensitization on Service Desk functions.
• Ensure compliance to ISO (9001:2015 and 27001:2013) and data security requirements.

Academic and Professional Qualifications   

• Bachelor’s degree in Computer Science, Information Technology or any other IT related field
• Master’s degree in Computer Science, Business Administration or related Postgraduate degree will be an added advantage

The Post holder should have any of the following certifications

• CompTIA A+, CompTIA N+
• ITIL Training
• Customer Care Training

Relevant Work Experience and Skills Required       

• Have working knowledge and experience in automation tools such as System Center Configuration Manager and Microsoft SharePoint
• Possess experience in installing, configuring and troubleshooting Windows and Linux operating systems
• Demonstrate working knowledge of printer configuration, setup and troubleshooting
• Have hands on experience in setting up and troubleshooting Local Area Networks and have knowledge of different network protocols
• Be possess experience in supporting IP phones and teleconferencing systems; Webex, Teams, etc.
• Have experience in management of active directory users and computers.
• At least 3 years’ relevant working experience as a supervisor

Competencies

• Possess excellent communication skills
• Display Strong customer focus character
• Exhibit the ability to work well in a team
• Possess sharp analytical and problem solving skills
• Demonstrate ability to prioritise workload