Latest IT & ICT Jobs in Kenya

Policy & IT Risk Management Officer Job At KRA


Job Summary:

The jobholder is responsible for supporting the implementation of an Information Security Management System based on ISO 27001 and best practice.

Key Responsibilities

  • Implement an Information Security Management System based on the ISO/IEC 27001 series standards, including preparation for certification against ISO/IEC 27001.
  • Perform gap analysis against information security standards such as ISO 27001 and create compliance reports for those standards.
  • Develop/review IS policies, standards, procedures and guidelines, in liaison with stakeholders, to obtain appropriate approvals and feedback for implementation.
  • Carry out compliance monitoring and improvement activities to ensure adherence to internal security policies, procedures, standards and applicable laws and regulations.
  • Support departments to manage implementation of information security management system.
  • Prepare materials and conduct Information security awareness, training and educational activities to stakeholders.
  • Manage information security risk assessments and controls selection activities.
  • Perform testing of internal controls specified in Information Security Policies and perform internal audit reviews to assess the effectiveness of current information security controls.
  • Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
  • Support the Information Security program including development, collection, assessment, and reporting of metrics
  • Recommend security policy changes and enhancements as needed
  • Conduct mock ISO audits and report on departments’ preparedness for the final audit and certification.
  • Support ISO 27001 audit and certification activities.
  • Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function.


  • A Bachelor’s degree in Computer Science or related field from a recognized institution.
  • Must have at least one of the following security certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRISP.
  • At least one (1) year related IT security work experience in a large or busy organization.

Technical Skills Required

  • Experience in Information Security Management System
  • Experience in development of policies and procedures
  • Knowledge in Information security risk management
  • Experience in Information security awareness development and training
  • Experience in cyber security threat analysis or incident management

Key Competencies:

  • Excellent stakeholder engagement skills
  • Analytical mind with problem-solving aptitude
  • Excellent listening, communication and presentation skills
  • Reliable and thorough with a deep commitment to accuracy
  • Self-motivated and able to work independently
  • A team player
  • Ability to prioritize competing work commitments and deliver on time
