KE-Senior Manager, Information Security (National)
2026-05-29T11:53:50+00:00
Church World Service
https://cdn.greatkenyanjobs.com/jsjobsdata/data/employer/comp_3445/logo/Church%20World%20Service.png
https://www.greatkenyanjobs.com/jobs/
FULL_TIME
Nairobi
Nairobi
00100
Kenya
Professional Services
Management, Computer & IT, Social Services & Nonprofit, Business Operations
2026-06-05T17:00:00+00:00
8
Church World Service (CWS) was founded in 1946 and is a cooperative ministry of 37 Christian denominations and communions, providing sustainable self-help, development, disaster relief, and refugee assistance around the world. The CWS mission is to eradicate hunger and poverty and to promote peace and justice at the national and international level through c...
Primary Purpose
This position is primarily responsible for taking lead in the management of CWS Africa information system security program to ensure that information assets are adequately protected by others, identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.
They supervise the Senior Information Security Officers (SISO) and oversee the development, adoption, implementation and enforcement of information security policies, procedures, and standards to ensure compliance with the organizational IS security framework, NIST, and other Information security, privacy, legal requirements and best practices.
The position requires documentation and presentation skills, analytical and critical thinking skills, the ability to identify needs, flexibility, initiative, and confidence in dealing with different types of complex systems, network, software, equipment, and different types of people.
Responsibilities Strategic Support and Management
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.
The CWS Africa Information System should be secured according to the organizational defined policies, Integrity and Compliance Guide, Federal IT security requirements and the National Institute of Standards Technology (NIST) moderate controls among other information systems local and global legal and best practice requirements.
Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews.
Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
The SMIS provides input and recommendations to IT and CWS Africa management on systems security updates and trends advises on key IT security areas including risk management, legal and regulatory compliance, and policy in all CWS Africa countries of operation; and oversees ongoing risk identification, remediation, compliance, and vendor risk management.
Works with SISO to develop, maintain and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Create, communicate, and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from consultants, consultants, and other service providers.
Work with the Regional IT Director to develop and manage information security budgets and monitor them for variances.
Review and approve information security and risk management awareness training programs for all employees, contractors, and approved system users, working closely with the training department.
Work directly with the business units to facilitate IT risk assessment and risk management processes and collaborate with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program.
Create and maintain a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.
Enhance the information security management framework based on Federal government requirements and oversee consistent implementation.
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
Ensure that security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support, and in-house consulting in these areas.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.
Experience Qualifications
A minimum of eight (8) years’ paid IT work experience is required.
3 years of experience in IT Security is required.
2 years’ supervisory experience is required
2 years’ experience in managing, securing, maintaining and design of computer systems, preferably Windows based, is preferred.
Experience in managing major IT projects is preferred.
Skills
Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
The ability to interact with CWS Africa personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
Knowledge and understanding of relevant legal and regulatory requirements, such as NIST, South Africa’s POPIA, Kenya Data Protection Act, Cloud Security Policy, among other relevant local or global laws, standards, and regulations.
Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Project management skills: financial/budget management, scheduling, and resource management.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
A strong understanding of the business impact of security tools, technologies, and policies.
Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Experience working with legal, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards, and guidelines.
Experience with common information security management frameworks, such as National Institute of Standards and Technology, International Standards Organization (ISO) 2700, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks among others
Proficiency in performing risk, business impact, control and vulnerability assessments, audits, and in defining treatment strategies.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
An understanding of operating system internals and network protocols.
Familiarity with the principles of cryptography and cryptanalysis.
Experience in system technology security testing (vulnerability scanning and penetration testing).
Familiarity in application technology security testing (white box, black box, and code review).
Strong, up-to-date knowledge of systems security and administration in a large network environment
Education & Certifications
Bachelor’s degree in IT field, or four (4) years’ work experience in IT if a bachelor’s degree required. A master’s degree is preferred.
Other advanced professional training in IT Security is required (NIST CSP, CISSP, GIAC, CISA, CISM, CompTIA Security+) related or equivalent.
Abilities
The Senior Manager, Information Security must have the ability to:
discuss technical information with users of diverse technical levels and discern their needs.
facilitate and negotiate.
communicate technical reports effectively at any level.
communicate effectively both verbally and in writing.
follow instructions from the Supervisor with a positive and receptive attitude.
deal effectively and courteously with associates, outside agencies, refugees, and members of the public.
conduct oneself in a professional and courteous manner to represent the best interests of CWS Africa and CWS/IRP.
maintain a high-performance standard with attention to detail.
perform all the duties of the position efficiently and effectively with minimal supervision.
work independently and contribute to overall operations at management level.
take initiative in the development and completion of projects.
lead others and address issues as they arise.
maintain strict confidentiality with CWS Africa administrative and operational information.
manage a large and diverse workload under pressure with competing priorities.
analyze and solve complex problems.
work well as a team in a multi-cultural environment while maintaining a high level of motivation.
effectively manage CWS Africa’s resources.
actively participate in the implementation of the U.S. Government Operational Refugee Processing Program in Africa
Important Requirements
Strong English communication skills, both written and oral.
Ability to work in a multi-cultural environment required.
Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.
* Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization. * The CWS Africa Information System should be secured according to the organizational defined policies, Integrity and Compliance Guide, Federal IT security requirements and the National Institute of Standards Technology (NIST) moderate controls among other information systems local and global legal and best practice requirements. * Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews. * Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board. * The SMIS provides input and recommendations to IT and CWS Africa management on systems security updates and trends advises on key IT security areas including risk management, legal and regulatory compliance, and policy in all CWS Africa countries of operation; and oversees ongoing risk identification, remediation, compliance, and vendor risk management. * Works with SISO to develop, maintain and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices. * Create, communicate, and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from consultants, consultants, and other service providers. * Work with the Regional IT Director to develop and manage information security budgets and monitor them for variances. * Review and approve information security and risk management awareness training programs for all employees, contractors, and approved system users, working closely with the training department. * Work directly with the business units to facilitate IT risk assessment and risk management processes and collaborate with stakeholders throughout the enterprise on identifying acceptable levels of residual risk. * Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program. * Create and maintain a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection. * Enhance the information security management framework based on Federal government requirements and oversee consistent implementation. * Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls. * Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures. * Coordinate information security and risk management projects with resources from the IT organization and business unit teams. * Ensure that security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings. * Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. * Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation. * Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. * Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support, and in-house consulting in these areas. * Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security. * Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.
* Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff. * The ability to interact with CWS Africa personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives. * Knowledge and understanding of relevant legal and regulatory requirements, such as NIST, South Africa’s POPIA, Kenya Data Protection Act, Cloud Security Policy, among other relevant local or global laws, standards, and regulations. * Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives. * Project management skills: financial/budget management, scheduling, and resource management. * Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals. * A strong understanding of the business impact of security tools, technologies, and policies. * Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision. * Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies. * Experience working with legal, audit and compliance staff. * Experience developing and maintaining policies, procedures, standards, and guidelines. * Experience with common information security management frameworks, such as National Institute of Standards and Technology, International Standards Organization (ISO) 2700, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks among others * Proficiency in performing risk, business impact, control and vulnerability assessments, audits, and in defining treatment strategies. * Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans. * Strong analytical skills to analyze security requirements and relate them to appropriate security controls. * An understanding of operating system internals and network protocols. * Familiarity with the principles of cryptography and cryptanalysis. * Experience in system technology security testing (vulnerability scanning and penetration testing). * Familiarity in application technology security testing (white box, black box, and code review). * Strong, up-to-date knowledge of systems security and administration in a large network environment
* Bachelor’s degree in IT field, or four (4) years’ work experience in IT if a bachelor’s degree required. A master’s degree is preferred. * Other advanced professional training in IT Security is required (NIST CSP, CISSP, GIAC, CISA, CISM, CompTIA Security+) related or equivalent.
JOB-6a197e4e9ff8b
Vacancy title:
KE-Senior Manager, Information Security (National)
[Type: FULL_TIME, Industry: Professional Services, Category: Management, Computer & IT, Social Services & Nonprofit, Business Operations]
Jobs at:
Church World Service
Deadline of this Job:
Friday, June 5 2026
Duty Station:
Nairobi | Nairobi
Summary
Date Posted: Friday, May 29 2026, Base Salary: Not Disclosed
Similar Jobs in Kenya
Learn more about Church World Service
Church World Service jobs in Kenya
JOB DETAILS:
Church World Service (CWS) was founded in 1946 and is a cooperative ministry of 37 Christian denominations and communions, providing sustainable self-help, development, disaster relief, and refugee assistance around the world. The CWS mission is to eradicate hunger and poverty and to promote peace and justice at the national and international level through c...
Primary Purpose
This position is primarily responsible for taking lead in the management of CWS Africa information system security program to ensure that information assets are adequately protected by others, identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the organization.
They supervise the Senior Information Security Officers (SISO) and oversee the development, adoption, implementation and enforcement of information security policies, procedures, and standards to ensure compliance with the organizational IS security framework, NIST, and other Information security, privacy, legal requirements and best practices.
The position requires documentation and presentation skills, analytical and critical thinking skills, the ability to identify needs, flexibility, initiative, and confidence in dealing with different types of complex systems, network, software, equipment, and different types of people.
Responsibilities Strategic Support and Management
Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure that the integrity, confidentiality, and availability of information is owned, controlled, or processed by the organization.
The CWS Africa Information System should be secured according to the organizational defined policies, Integrity and Compliance Guide, Federal IT security requirements and the National Institute of Standards Technology (NIST) moderate controls among other information systems local and global legal and best practice requirements.
Manage the enterprise's information security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations). This includes hiring, training, staff development, performance management, and annual performance reviews.
Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.
The SMIS provides input and recommendations to IT and CWS Africa management on systems security updates and trends advises on key IT security areas including risk management, legal and regulatory compliance, and policy in all CWS Africa countries of operation; and oversees ongoing risk identification, remediation, compliance, and vendor risk management.
Works with SISO to develop, maintain and publish up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
Create, communicate, and implement a risk-based process for vendor risk management, including assessment and treatment for risks that may result from consultants, consultants, and other service providers.
Work with the Regional IT Director to develop and manage information security budgets and monitor them for variances.
Review and approve information security and risk management awareness training programs for all employees, contractors, and approved system users, working closely with the training department.
Work directly with the business units to facilitate IT risk assessment and risk management processes and collaborate with stakeholders throughout the enterprise on identifying acceptable levels of residual risk.
Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders, and the board of directors as part of a strategic enterprise risk management program.
Create and maintain a framework for roles and responsibilities regarding information ownership, classification, accountability, and protection.
Enhance the information security management framework based on Federal government requirements and oversee consistent implementation.
Provide strategic risk guidance for IT projects, including the evaluation and recommendation of technical controls.
Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.
Coordinate information security and risk management projects with resources from the IT organization and business unit teams.
Ensure that security programs comply with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings.
Define and facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data, and the company's reputation.
Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals. Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support, and in-house consulting in these areas.
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services, including, but not limited to, privacy, risk management, compliance, and business continuity management.
Experience Qualifications
A minimum of eight (8) years’ paid IT work experience is required.
3 years of experience in IT Security is required.
2 years’ supervisory experience is required
2 years’ experience in managing, securing, maintaining and design of computer systems, preferably Windows based, is preferred.
Experience in managing major IT projects is preferred.
Skills
Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
The ability to interact with CWS Africa personnel, build strong relationships at all levels and across all business units and organizations, and understand business imperatives.
Knowledge and understanding of relevant legal and regulatory requirements, such as NIST, South Africa’s POPIA, Kenya Data Protection Act, Cloud Security Policy, among other relevant local or global laws, standards, and regulations.
Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
Project management skills: financial/budget management, scheduling, and resource management.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
A strong understanding of the business impact of security tools, technologies, and policies.
Strong leadership abilities, with the capability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT organization, project and application development teams, management and business personnel; in-depth knowledge and understanding of information risk concepts and principles as a means of relating business needs to security controls; an excellent understanding of information security concepts, protocols, industry best practices and strategies.
Experience working with legal, audit and compliance staff.
Experience developing and maintaining policies, procedures, standards, and guidelines.
Experience with common information security management frameworks, such as National Institute of Standards and Technology, International Standards Organization (ISO) 2700, the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) frameworks among others
Proficiency in performing risk, business impact, control and vulnerability assessments, audits, and in defining treatment strategies.
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
An understanding of operating system internals and network protocols.
Familiarity with the principles of cryptography and cryptanalysis.
Experience in system technology security testing (vulnerability scanning and penetration testing).
Familiarity in application technology security testing (white box, black box, and code review).
Strong, up-to-date knowledge of systems security and administration in a large network environment
Education & Certifications
Bachelor’s degree in IT field, or four (4) years’ work experience in IT if a bachelor’s degree required. A master’s degree is preferred.
Other advanced professional training in IT Security is required (NIST CSP, CISSP, GIAC, CISA, CISM, CompTIA Security+) related or equivalent.
Abilities
The Senior Manager, Information Security must have the ability to:
discuss technical information with users of diverse technical levels and discern their needs.
facilitate and negotiate.
communicate technical reports effectively at any level.
communicate effectively both verbally and in writing.
follow instructions from the Supervisor with a positive and receptive attitude.
deal effectively and courteously with associates, outside agencies, refugees, and members of the public.
conduct oneself in a professional and courteous manner to represent the best interests of CWS Africa and CWS/IRP.
maintain a high-performance standard with attention to detail.
perform all the duties of the position efficiently and effectively with minimal supervision.
work independently and contribute to overall operations at management level.
take initiative in the development and completion of projects.
lead others and address issues as they arise.
maintain strict confidentiality with CWS Africa administrative and operational information.
manage a large and diverse workload under pressure with competing priorities.
analyze and solve complex problems.
work well as a team in a multi-cultural environment while maintaining a high level of motivation.
effectively manage CWS Africa’s resources.
actively participate in the implementation of the U.S. Government Operational Refugee Processing Program in Africa
Important Requirements
Strong English communication skills, both written and oral.
Ability to work in a multi-cultural environment required.
Commitment to diversity, equity, and inclusion and willingness to support CWS’ Platform on Racial Justice as a CWS employee required.
Remain alert and responsive to any child safeguarding and PSEAH (Prevention of Sexual, Exploitation, Abuse and Harassment) risks, acquire relevant knowledge and skills which will enable you to promote strong safeguarding PSEAH practices, understand the child safeguarding and PSEAH Policies and procedures, and conduct yourself in a manner consistent with the Child Safeguarding and PSEAH Policies.
Work Hours: 8
Experience in Months: 12
Level of Education: postgraduate degree
Job application procedure
Application Link:Click Here to Apply Now
All Jobs | QUICK ALERT SUBSCRIPTION
