Cyber Security Analyst
Bank of Africa Kenya has an exciting opportunity in our Enterprise Risk Department.
Responsibilities and Accountabilities.Â
Information Security & Risk Management
- Participate in identifying, assessing, and documenting IT/cyber risks.
- Assist in updating and maintaining the IT risk register.
- Track risk treatment plans and follow up with control owners.
- Support vulnerability tracking and assist in coordinating remediation activities.
- Help monitor and log security incidents and ensure timely reporting.
ISO 27001:2022 Implementation Support
- Assist in drafting and updating ISMS documents (policies, procedures, SOPs, risk assessments).
- Help conduct ISMS gap assessments and internal audits.
- Collect, organize, and maintain compliance evidence for ISO controls.
- Assist in tracking corrective and preventive actions (CAPA).
- Conduct periodic reviews to ensure departments maintain ISMS alignment.
PCI DSS Certification Support
- Assist in mapping cardholder data flows and maintaining network diagrams.
- Help prepare and update PCI DSS evidence (screenshots, process documents, change logs).
- Participate in internal readiness assessments and support Qualified Security Assessor (QSA) activities.
- Track remediation tasks for PCI requirements and follow up with IT teams.
- Monitor compliance with ongoing PCI DSS activities (log reviews, vulnerability scans, patching).
Governance, Risk & Compliance (GRC)
- Assist in monitoring compliance with internal IT and security policies.
- Support thirdâparty risk assessments of IT vendors and service providers.
- Assist in compiling periodic information security and risk reports.
Operational Support
- Maintain organized documentation repositories (ISMS library, SharePoint, etc.).
- Track deadlines, deliverables, and progress for certification projects.
- Assist in convening risk and security meetings, preparing minutes and followâup actions.
- Coordinate with teams across IT, operations, business units, and external auditors.
Minimum Requirements; Work Experience, Academic and Professional Qualifications.
- Bachelorâs degree in IT, Information Systems, Computer Science, Cyber Security, or related fields.
- Basic knowledge of information security and risk management concepts.
- Familiarity with ISO 27001 and PCI DSS is an advantage.
- Understanding of networks, servers, operating systems, and databases.
- Ability to analyze logs, configurations, and security events.
Added Advantage Certifications.Â
- ISO 27001 Internal Auditor / Implementer
- CompTIA Security+
- ISC2 Certified in Cybersecurity (CC)
- ITIL Foundation
- Beginnerâlevel GRC or cybersecurity courses
Bank of Africa Kenya is an equal opportunity employer committed to fostering diversity, equity, and inclusion. The Bank does not charge any fees or solicit funds at any stage of the recruitment process.