Manager – Vulnerability Management & Investigation Support at Kenya Revenue Authority (KRA)

Job Purpose

The jobholder shall be responsible for formulating and implementing strategies to ensure effective management of technical vulnerabilities in the Authority’s business systems and IT Infrastructure in order to enhance compliance with Information Security Policies and Security Best Practices.

Duties and responsibilities

• Support in formulation of Information Security strategies to ensure timely management of technical vulnerabilities within the Authority’s business systems and IT infrastructure.
• Develop patch management strategies on the Authority’s IT infrastructure and business systems.
• Provide information security advisories on acquisition and implementation of technology and third party integration involving/requiring information exchange
• Develop Units` Annual Work Plan.
• Coordinate the provision of technical support to relevant stakeholders in investigation of information security incidences.
• Prepare Unit annual budgets and ensure prudent utilization of allocated funds
• Prepares Unit monthly, quarterly, annual and ad hoc reports
• Develop, mentor and coach and manage staff performance in the Unit.
• Develop security controls in the Authority’s IT infrastructure and business systems and co-ordinate technical vulnerability assessments and penetration testing on KRA’s IT infrastructure and business systems.
• Manage KRA systems’ Security testing prior to deployment to production and review technical information systems security requirements for acquisition of business systems.
• Ensure conformity to ISO (9001/2025 and 27001/2013) and data security requirements within the unit.

Person Specification

For appointment to this job, the candidate must have:

• A Bachelor’s Degree in any of the following disciplines: - Computer Science, Information Technology, Business Information Technology or relevant and equivalent qualification from a recognized Institution;
• A Master’s Degree in any of the following disciplines: - Computer Science, Information Communication Technology, Business Information Technology or relevant and equivalent qualification from a recognized Institution, will be an added advantage.
• Leadership Course lasting not less than four (4) weeks from a recognized institution, will be an added advantage.
• Minimum of five (5) year’s work experience in a similar role, and at least two (2) years at Assistant Manager level or a comparable position

Professional Qualifications / Membership to professional bodies

Any of the following professional certifications:

• CEH, CISSP, ECIH, CFHI, CISM, CISA, MCSE, CCNA
• Certification in Project Management or IT Governance
• Membership to a professional body with a valid practicing certificate/license

Previous relevant work experience required

• Working experience in security tools such as python, firewalls, IPS, SIEM, SOAR, SQL, LINUX, databases etc.
• Knowledge in Vulnerability Management and penetration testing.
• Experience in the Information Security Management System (ISMS sec).
• Experience in a Computer Forensics and Investigations.

Competencies

• Budgeting skills
• Knowledge of relevant legislation
• Analytical skills
• Performance and results.
• Leadership skills
• Communication skills
• Interpersonal skills
• Innovative thinking
• Negotiation skills
• Resilience and Adaptability