The Kenya Revenue Authority (KRA) was established by an Act of Parliament, Chapter 469 of the laws of Kenya , which became effective on 1st July 1995 . The Authority is charged with the responsibility of collecting revenue on behalf of the Government of Kenya. A Board of Directors, consisting of both public and private sector experts, makes policy decisions to be implemented by KRA Management. The Chairman of the Board is appointed by the President of the Republic of Kenya . The Chief Executive of the Authority is the Commissioner General who is appointed by the Minister for Finance. PURPOSE OF KRA Assessment , Collection, Administration and Enforcement of laws relating to revenue.
The job holder is responsible for supporting the implementation of Information Security management System based on ISO27001 and best practice.
- Implement Information Security Management System based on the ISO/IEC 27001 series standards, including preparation for certification against ISO/IEC 27001
- Perform gap analysis of information security standards such as ISO 27001 and create compliance reports for information security standards such as ISO 27001
- Develop/review IS policies, standards, procedures and guidelines, in liaison with the stakeholder to obtain appropriate approvals and feedback for implementation.
- Compliance monitoring and improvement activities to ensure adherence to internal security policies, procedure, standards and applicable laws and regulations
- Support departments to manage implementation of information security management system.
- Prepare materials and conduct Information security awareness, training and educational activities to stakeholders.
- Manages information security risk assessments and controls selection activities
- Perform testing of internal controls specified in Information Security Policies and Perform internal audit reviews to assess the effectiveness of current information security controls
- Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
- Support the Information Security program including development, collection, assessment, and reporting of metrics
- Recommend security policy changes and enhancements as needed
- Conduct mock ISO Audits and, report on departments’ preparedness for final audit and certification
- Support ISO 27001- audit and certification activities Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function
A Bachelor’s degree in Computer Science or related field from a recognized institution.
Must have at least one of the following security certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRISP,
Relevant Work Experience
At least one (1) year related IT security work experience in a large or busy organization.
Technical Skills Required:
- Experience in Information Security Management System
- Experience in development of policies and procedures
- Knowledge in Information security risk management
- Experience in Information security awareness development and training
- Experience in cyber security threat Analysis or incident management
- Excellent stakeholder engagement skills
- Analytical mind with problem-solving aptitude
- Excellent listening, communication and presentation skills
- Reliable and thorough with a deep commitment to accuracy
- Self-motivated and able to work independently
- A team player
- Ability to prioritize competing work commitments and deliver on time
How to Apply
Closing Date : 20 October. 2021
- Salary Offer 0 ~ Ksh10000000 KES 0-ksh10000000 Month
- Address Nairobi, Nairobi, Kenya