Kenya Airways is Hiring a Governance Risk & Compliance Officer (Location: Nairobi, Kenya)
Job Title: Governance Risk & Compliance Officer
Location: Nairobi, Kenya
Organization Name: Kenya Airways
Department: Technology
Brief Description:
Job Purpose Statement: The purpose of the Technology Governance, Risk, and Compliance (GRC) Officer is to ensure that the organization’s technology operations align with regulatory requirements, industry standards, and internal policies, while minimizing risks and enhancing overall governance.
Detailed Description:
- Align responsibilities and objectives in managing technology-related governance, risk, and compliance initiatives, ensuring alignment with standards such as IOSA, GDPR, PCI-DSS, and ISO 27001.
- Track technology-related risk reduction over time, quantifying risk factors, vulnerabilities, and incidents.
- Monitor and report on adherence to established governance policies, standards, and procedures by technology teams and departments.
- Collaborate with developers, systems engineers, database engineers, security engineers, project managers, risk officers, and legal teams.
Analytics:
- Incident Response Time: Measure the time it takes to detect, respond to, and mitigate technology-related incidents (e.g., data breaches, system vulnerabilities).
- Training and Awareness: Evaluate the effectiveness of training programs on GRC knowledge among employees, tracking participation and retention.
- Security Posture Improvement: Track key security metrics, such as vulnerability assessments, patch management, and security controls.
- Vendor Risk Management: Assess third-party vendor risks and manage improvements in mitigating these risks.
- Data Privacy Compliance: Measure compliance with data privacy regulations (e.g., GDPR, CCPA), tracking protection practices and breach incidents.
- Incident Resolution Rate: Evaluate the rate of incident resolution and recovery time to normal operations.
- Policy Development and Updates: Track the development and updates of GRC policies, ensuring they align with evolving requirements.
- Budget Compliance: Monitor technology GRC expenditures and ensure cost-effectiveness.
- Stakeholder Satisfaction: Collect feedback from stakeholders to gauge satisfaction with GRC initiatives.
- Business Continuity: Measure the organization’s ability to maintain critical technology functions during disruptions, assessing disaster recovery and continuity plans.
- Security Awareness Surveys: Conduct surveys to assess employee security awareness and improve awareness programs.
- Compliance Documentation: Ensure compliance documentation (e.g., audits, risk assessments) is up-to-date and accessible.
- Cybersecurity Incident Preparedness: Evaluate the organization’s preparedness for cybersecurity incidents through drills and simulations.
- Technology Asset Inventory: Maintain an accurate inventory of technology assets and assess its accuracy over time.
- Audit Results: Assess the results of internal and external audits related to technology GRC.
Job Requirements:
- Bachelor’s degree in Computer Science/Information Technology or a related field from a recognized university.
- Minimum 3 years of experience in a related field.
- Excellent communication, analytical, and interpersonal skills.
- Ability to work independently and manage system issues during long hours.
- Strong decision-making, prioritization, and time-management skills.
How to Apply:
If you meet the profile, submit your detailed Curriculum Vitae. Only shortlisted candidates will be contacted. Kenya Airways is an equal-opportunity employer.
Deadline: 18-Feb-2025
Currency: KES
