Cyber Security Analyst at Bank of Africa Kenya Limited

Responsibilities and Accountabilities.

Information Security & Risk Management


Participate in identifying, assessing, and documenting IT/cyber risks.
Assist in updating and maintaining the IT risk register.
Track risk treatment plans and follow up with control owners.
Support vulnerability tracking and assist in coordinating remediation activities.
Help monitor and log security incidents and ensure timely reporting.


ISO 27001:2022 Implementation Support


Assist in drafting and updating ISMS documents (policies, procedures, SOPs, risk assessments).
Help conduct ISMS gap assessments and internal audits.
Collect, organize, and maintain compliance evidence for ISO controls.
Assist in tracking corrective and preventive actions (CAPA).
Conduct periodic reviews to ensure departments maintain ISMS alignment.


PCI DSS Certification Support


Assist in mapping cardholder data flows and maintaining network diagrams.
Help prepare and update PCI DSS evidence (screenshots, process documents, change logs).
Participate in internal readiness assessments and support Qualified Security Assessor (QSA) activities.
Track remediation tasks for PCI requirements and follow up with IT teams.
Monitor compliance with ongoing PCI DSS activities (log reviews, vulnerability scans, patching).


Governance, Risk & Compliance (GRC)


Assist in monitoring compliance with internal IT and security policies.
Support third‑party risk assessments of IT vendors and service providers.
Assist in compiling periodic information security and risk reports.


Operational Support


Maintain organized documentation repositories (ISMS library, SharePoint, etc.).
Track deadlines, deliverables, and progress for certification projects.
Assist in convening risk and security meetings, preparing minutes and follow‑up actions.
Coordinate with teams across IT, operations, business units, and external auditors.


Minimum Requirements; Work Experience, Academic and Professional Qualifications.


Bachelor's degree in IT, Information Systems, Computer Science, Cyber Security, or related fields.
Basic knowledge of information security and risk management concepts.
Familiarity with ISO 27001 and PCI DSS is an advantage.
Understanding of networks, servers, operating systems, and databases.
Ability to analyze logs, configurations, and security events.


Added Advantage Certifications.


ISO 27001 Internal Auditor / Implementer
CompTIA Security+
ISC2 Certified in Cybersecurity (CC)
ITIL Foundation
Beginner‑level GRC or cybersecurity courses