Supervisor – Policy & IT Risk Management at Kenya Revenue Authority (KRA)

The Kenya Revenue Authority (KRA) was established by an Act of Parliament, Chapter 469 of the laws of Kenya , which became effective on 1st July 1995 . The Authority is charged with the responsibility of collecting revenue on behalf of the Government of Kenya. A Board of Directors, consisting of both public and private sector experts, makes policy decisions to be implemented by KRA Management. The Chairman of the Board is appointed by the President of the Republic of Kenya . The Chief Executive of the Authority is the Commissioner General who is appointed by the Minister for Finance. PURPOSE OF KRA Assessment , Collection, Administration and Enforcement of laws relating to revenue.

Department: Corporate Support Services

Division:       Information and Communication Technology

Location / Work Station:  Nairobi

Job Summary:    

The job holder is responsible for ensuring enforcement and monitoring of compliance to IS policies across the authority.

Key Responsibilities: 

  • Develop and Implement the IS awareness program and measure the effectiveness in the authority to promote security aware culture.
  • Carryout assessments to identify non-compliance to the ISO 27001 requirements, policies, procedures and controls follow up with the concerned processes to ensure compliance.
  • Conduct information security risk management, including assessment and treatment plan and provision of status reports.
  • Develop and review information security policies, procedures and standard to promote information security and in compliance to ISO27001
  • Monitor compliance to the developed IS policies, procedures and controls in the authority ensuring adherence to the ISO 27001 standards.
  • Ensure compliance to ISO 27001 security requirements and control objectives in the Authority.
  • Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

Academic Qualifications   

  • A bachelor’s degree in Computer Science or related field from a recognized institution.

Professional Qualifications 

  • Must have at least one of the following security certifications or trainings in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRiSP,

Relevant Work Experience

  • At least 3 years related work experience in a similar role.

Technical Skills Required:

  • Experience in Information Security Management System
  • Experience in development and review of  policies
  • Knowledge in  Information security risk management
  • Experience in Information security awareness development and training
  • Experience in cyber security threat Analysis or incident management
  • Experience in Project Management

Key Competencies:   

  • Excellent stakeholder engagement skills
  • Analytical mind with problem-solving aptitude
  • Excellent listening, communication and presentation skills
  • Reliable and thorough with a deep commitment to accuracy
  • Self-motivated and able to work independently
  • A team player
  • Ability to prioritize competing work commitments and deliver on time

Submit your CV and Application on Company Website : Click Here

Closing Date : 29th May, 2021


Apply for this Job


What is your service?