Chief Manager – Information Security at Kenya Revenue Authority (KRA)

Job Summary

The jobholder shall be responsible for management of Cybersecurity Operations, managing Information Security risks, implementation of security tools and infrastructure, formulating and enforcing policies, addressing technical vulnerabilities and ensuring compliance with security best practices and maintaining an effective Information Security Management System (ISMS).

Duties & Responsibilities

• Develop and implement comprehensive Information Security strategies that deliver secure and reliable technology solutions, ensuring the protection of the Authority’s digital assets.
• Coordinate the design and implementation of information security infrastructure to strengthen the Authority’s cyber resilience and safeguard critical assets
• Ensure that the Authority’s infrastructure and assets are continuously monitored through a dedicated Security Operations Center (SOC) to detect, identify, and respond to cyber-attacks and information security incidents promptly.
• Oversee timely security testing, including vulnerability assessments and penetration tests, to ensure that automated systems comply with security policies, meet established standards, and address identified risks.
• Implement and maintain the Information Security Management System (ISMS) in alignment with the ISO/IEC 27001 standard to ensure continual improvement, compliance, and effective risk management
• Oversee implementation of corporate initiatives in the region/division: Ensure conformity to ISO standards and data security requirements, and manage Audit, Integrity, Quality Management Systems (QMS), Risk Management programmes and staff performance.

Person specifications

For appointment to this job, the candidate must have:

• A Bachelor’s degree in any of the following disciplines: - Computer Science, Information Communication Technology, Electrical / Electronic Engineering, Telecommunications, Cybersecurity & Digital Forensics or relevant and equivalent qualification from a recognized Institution;
• A Master’s Degree in any of the following disciplines: - Computer Science, Information Communication Technology, Cybersecurity & Digital Forensics or relevant or equivalent qualification from a recognized Institution will be an added advantage.
• Certification in lead auditor or implementer of ISO/IEC 27001, Risk Management or equivalent will be an added advantage.
• Membership to a relevant professional body will be an added advantage
• Minimum of seven (7) years in relevant work experience, three (3) years of which should be at middle managerial role.
• Leadership Course lasting not less than four (4) weeks from a recognized institution will be an added advantage.
• Any of the following professional certifications: Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), EC-Council Certified Incident Handler (ECIH), Certified Forensics Hacker Investigator (CFHI).

Key Competencies

• Visionary leadership, strategic thinking, strong organizational, planning, analytical and interpersonal skills.
• Adaptability and strong Project management skills
• Strong decision-making, problem-solving and creative thinking skills
• Strong persuasion, negotiation and communication skills–both oral and written.
• Professionalism, Ethical Judgment and Integrity