Security & Compliance Analyst

SECURITY & COMPLIANCE ANALYST JOB DESCRIPTION

Job Title: Security&Compliance Analyst

Department: Software Engineering

Reports to: Head of Technology

Direct Reports: 0

Location: Nairobi Kenya

Job Purpose

The Security and Compliance Officer is responsible for keeping our systems applications and data secure. This person will champion all security-related work-setting up policies handling incidents checking for risks and making sure we follow important standards like PCI DSS ISO 27001 GDPR and any other relevant guidelines. They will also train staff manage access controls and respond to client and audit requests.

The role is hands-on and requires someone who can take full ownership of security and compliance from the ground up.

Key Roles and Responsibilities

• Establish and manage the companys security processes including policies tools workflows and documentation.
  

• Monitor all applications and systems daily to identify and respond to potential threats or unusual activity.
  

• Monitor manage and update the SIEM system to detect and respond to security threats. This includes setting up alerts reviewing logs investigating incidents and ensuring all key systems are sending data to the SIEM.
  

• Maintain access control mechanisms including user provisioning de-provisioning and role-based access
  

• Handle all reported security issues-investigate resolve and ensure proper communication and follow-up within the SLA.
  

• Develop clear security playbooks and procedures for incident response access control and reporting.
  

• Conduct regular system and application checks to identify vulnerabilities and work with the team to resolve them.
  

• Identify and mitigate security vulnerabilities in coordination with relevant teams.
  

• Ensure compliance with relevant standards and regulations including PCI DSS ISO 27001 GDPR CBK guidelines and others as required.
  

• Maintain detailed records of incidents and actions taken and prepare periodic security reports for management.
  

• Manage access rights across systemsensure proper permissions regular reviews and timely updates.
  

• Support the implementation of encryption and secure communication protocols to ensure the security of data in transit.
  

• Support client and auditor requests related to security by providing clear responses and documentation.
  

• Train staff on basic security practices and ensure team members follow the companys security policies.
  

• Actively support employee onboarding by leading training sessions on relevant topics and providing departmental introductions to new hires.
  

• Stay updated on evolving security threats tools and regulatory changes and ensure internal practices are updated accordingly.
  

• Support access control management within infrastructure environments ensuring appropriate permissions are granted and reviewed periodically.
  

• Participate in daily stand-ups planning meetings and retrospectives to learn agile development rhythms.
  

• Perform any other duties as required to support the business in response to evolving needs changes and growth.
  

Requirements

Qualifications

• Bachelors or Masters degree in Cybersecurity Information Technology Computer Science or a related field.
  

• At least 4 years of experience in information security cybersecurity or IT risk management.
  

• Knowledge of firewalls intrusion detection systems SIEM and antivirus software.
  

• Experience with security frameworks (ISO 27001 NIST CIS Controls etc.).
  

• Familiarity with network security penetration testing and incident response.
  

• Strong understanding of cloud security (AWS Azure GCP).
  

• Certifications such as CISSP CISM CEH or CompTIA Security (preferred).
  

• Excellent problem-solving analytical and communication skills.
  

Preferred Skills

• Experience in application and system security.
  

• Knowledge of PCI DSS ISO 27001 GDPR and regulatory guidelines.
  

• Familiar with common security risks and how to prevent them.
  

• Strong incident response skills including investigation and reporting.
  

• Able to set up and manage security tools (e.g. vulnerability scanners monitoring tools).
  

• Clear communicator able to explain risks and requirements to different teams.