We’re accepting applications for the position of Cyber Security Governance, Risk and Compliance (GRC) Specialist. The successful candidate will be responsible for ensuring that the organization’s cyber security risks are under explicit management control, and will coordinate the strategic integration of cyber security programmes. They will form part of the team that drives compliance with internal and global cyber security-related policies and standards, cyber security baseline controls, and applicable market laws and regulations.
Duties and Responsibilities:
- Ensuring that the organisation’s cyber security risks are under explicit management control
- Co-ordinating strategic integration of cyber security programmes within the company
- Driving compliance with internal and global cyber security-related policies and standards, cyber security baseline controls, and applicable market laws and regulations
- Continually reviewing and updating security policies, standards and guidelines in response to evolving cyber threats in co-ordination with the Enterprise Risk Management Team
- Co-ordinating stakeholders to deliver on targets or agreed business outcomes
- Co-ordinating periodic independent assurance of critical products and services
- Co-ordinating implementation of recommendations from independent assessments
- Conducting cyber risk assessments to determine the cyber risk profile and define treatment plans
- Recommending cyber security service improvement plans
- Co-ordinating the project handover process within cyber security functions
- Reviewing, implementing and improving the user access governance process
- Co-ordinating periodic cyber security knowledge transfer, awareness sessions and phishing simulations for staff in line with strategy
- Supporting implementation of the Managed Security Services strategy and roadmap
- Participating actively in cyber security events and trade shows, including reporting and presentations
- Applying effective communication, reporting and presentation skills
Minimum Requirements:
- Bachelor’s degree in Electrical Engineering, Computer Science, Information Technology (or equivalent) from a recognized university
- At least one professional Information Security Qualification such as CISM, CISA, CISSP or CEH
- At least 2 years’ proven experience with cyber security-related standards (ISO 27001, PCI-DSS, etc.)
- Proven experience with GDPR, Kenyan Data Protection laws, and CBK guidelines on Cyber Security amongst others
- At least 2 years of hands-on experience in managing cyber security technologies and operations
- Proven experience in supervising, leading, or coordinating teams and managing stakeholders