ICT SECURITY GOVERNANCE SPECIALIST, CORPORATE RISK & COMPLIANCE – LEVEL 8 – Zimbabwe Revenue Authority (ZIMRA) 145 views

Key Responsibilities

• Implements and operationalises the Authority’s information security governance framework across all ICT systems, applications, infrastructure, and data platforms.
• Translates approved security policies, standards, and frameworks into system-level security control requirements.
• Coordinates consistent application of security controls across ICT domains and business units.
• Monitors adherence to information security policies and escalate non-compliance.
• Reviews security controls implemented within core and supporting systems (e.g. ERP, customs, revenue, analytics platforms).
• Assesses security architecture, configuration, and integration controls at application and database level.
• Identifies systemic and recurring security control weaknesses across systems.
• Supports governance reviews for new systems, upgrades, and system integrations.
• Reviews access control models, user provisioning processes, and segregation of duties across systems.
• Conducts periodic security control assessments in line with approved assurance plans.
• Coordinates vulnerability assessment and penetration testing activities from a governance perspective.
• Assesses security risks arising from ICT change initiatives and digital transformation projects.
• Assesses security controls implemented by ICT vendors, cloud providers, and service partners.
• Reviews compliance with contractual and regulatory security requirements.
• Monitors remediation of third-party security gaps.
• Identifies and documents information security risks across systems and processes.
• Maintains accurate and up-to-date security risk and issue logs.
• Supports implementation and review of information security policies and standards.
• Contributes to cybersecurity awareness and training initiatives.
• Supports internal and external audits relating to information security governance.
• Tracks and monitors closure of security-related audit findings.
• Provides assurance inputs to support executive and Board reporting.

Requirements

• Ability to work under pressure,
• Ability to communicate at all levels,
• Ability to work both independently and as part of a team,
• Unquestionable integrity,
• Computer literacy.
• Bachelor’s degree in information security, Information Technology, Information Systems, Computer Science, Cybersecurity, Finance, Business Management or a related field.
• Postgraduate qualification in Information Security, Cybersecurity, Data Analytics, Risk Management, or ICT Governance is an added advantage.
• Professional certification in Information Security or ICT Governance such as: CISM, CISSP, ISO / IEC 27001 Lead Implementer or Lead Auditor, COBIT is a must.
• At least five (5) years of postgraduate experience in an ICT / Risk Management environment.
• Training or certification in ICT risk or cybersecurity governance (added advantage)
• Experience in Customs / Domestic Taxes or Tax environment is an added advantage.

How to Apply