Supervisor – Information Security at Kenya Revenue Authority (KRA)

Job Purpose

The job holder is responsible for the review of the Authority’s Information System security, Infrastructure security, policies and procedures related to security to ensure technology in place and system controls are adequate to meet business objectives and customer needs.

Key Responsibilities/ Duties / Tasks

Managerial / Supervisory Responsibilities

• May be required to supervise officers during execution of audits as per the annual audit work plans.

Operational Responsibilities / Tasks

• Execute corporate Information System (IS) and related security audits designed to provide assessment of internal control processes and operational performance, in accordance with the Standards for the Professional Practice of Internal Audit as set forth by the IIA, and department standards.
• Assist in preparing detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, development of appropriate audit programs and determination of staff and budget requirements to facilitate execution of audits.
• Prepare and undertake timely documentation of audit working papers, result of audit reviews and recommended management actions on assigned activities in the audit management system (Team Mate+).
• Review internal controls and security of existing systems, under development, new information systems and system changes on existing systems as well as major IT projects and initiatives.
• Provide advisory/consultancy support across the Authority as applicable.
• Carry out ad hoc special assignments and investigations as applicable.
• Support the development and updating of departmental risk register, identification and assessment of risks in operational areas, contribute to risk mitigation and incident reporting.

Job Dimensions:

Responsibility for Physical Assets

• Responsible for physical assets assigned by the institution

Decision Making / Job Influence.

• Makes decisions using standard operational procedures

Working Conditions

• Works predominantly within the office

Job Competencies (Knowledge, Experience and Attributes / Skills)

Academic qualifications

• Bachelor’s Degree in any of the following fields: Information Technology, Computer Science, Business Information Technology, Mathematics, Engineering or business-related field.

Professional Qualifications

• CISA
• CISM or CIA or CEH or any related certification is an added advantage

Membership to professional bodies.

• Membership of ISACA or IIA

Previous relevant work experience required.

• At least three (3) years working experience in an audit, compliance or risk management environment.

Functional Skills, Behavioral Competencies/Attributes:

• Problem solving and analytical skills
• Planning and organizational skills
• Basic computer programming skills
• High level of integrity
• Ability to understand business processes and good awareness of functional relationships of Departments within the Authority
• Understanding and ability to apply risk and controls concepts
• Oral and written communication skills
• Excellent relationship management skills
• Understanding and ability to apply risk and controls concepts.