Job Description
Ref. DD/RA/2023
Job Title: Deputy Director, Risk Assurance (CA4)
Overview:
The Communications Authority of Kenya (The Authority) is the regulatory agency responsible for
regulating the communications sector in Kenya. We are committed to promoting and facilitating
the development of a vibrant and inclusive communications industry. As part of our strategic
objectives, we are seeking a highly skilled and experienced Deputy Director, Risk Assurance to
join our team. This is a key role responsible for providing technical expertise in risk assurance to
the Authority.
Job Summary:
Under the supervision of the Director, Internal Audit and Risk Assurance, the Deputy Director,
Risk Assurance is responsible for providing independent, objective assurance and consulting
activity aimed at adding value and improving the operations of the Authority. The Auditor will
also evaluate and improve the effectiveness of risk management, control and governance
processes. This role requires expertise in risk management, internal controls, and governance
processes.
1. Advise the Authority on the effectiveness of enterprise risk management strategy and
frameworks.
2. Identify, assess, and prioritize risks across the organization, considering both internal and
external factors.
3. Review risk exposure, identify emerging risks, and recommend appropriate risk mitigation
measures.
4. Assess controls over critical IT systems, network and physical components, and IT
infrastructure supporting relevant business processes.
5. Review security and data privacy compliance (information leakage prevention, security
of changes, biometrics and identity management).
6. Review and advise on the effectiveness of internal control systems to ensure compliance
with applicable laws, regulations, and internal policies.
7. Perform data analytics in support of the internal audit function.
8. Provide recommendations to Management on matters relating to efficiency, effectiveness,
and value-for-money audits.
9. Review and advise on business continuity management, backup plan and disaster recovery
plans for resilience.
10. Carry out special audits and investigations on areas with potential for fraud and report to
management and/or the Board.
11. Stay updated on regulatory requirements, industry trends, and emerging risks relevant to
the communications sector including carrying out research and benchmarking on audit and
emerging technologies.
12. Participate in the maintenance and documentation of standards, policies and practices.
13. Perform reviews of information systems under development and enhance the current
systems.
Qualifications:
1. Bachelor’s degree in Information Technology/Computer Science, Business Information
Technology or any other relevant field. Master's degree is preferred.
2. Be a Member of the Information Systems Audit and Control Association (ISACA) and Institute
of Internal Auditors (IIA) in good standing.
3. Professional certification as a Certified Information Systems Auditor (CISA), Certified
Internal Auditor (CIA), or Certified in Risk and Information Systems Control (CRISC) is
highly desirable.
4. A minimum of 10 years of relevant work experience, with at least three (3) years in a
supervisory role.
5. Fulfill the requirements of Chapter Six of the Constitution.
Key Competencies:
1. Demonstrate in-depth knowledge and proven experience in risk management processes.
2. Show strong analytical and problem-solving skills, especially in complex environments.
3. Excellent communication and interpersonal skills, with the ability to effectively engage
and influence stakeholders at all levels.
4. Ability to work collaboratively in a team environment and build strong relationships across
departments.
5. Proficient in audit software tools to support the Audit function.