ICT SECURITY GOVERNANCE SPECIALIST, CORPORATE RISK & COMPLIANCE
– LEVEL 8 (1 POST)
3.1 Key Responsibilities
▪ Implements and operationalises the Authority’s information security governance
framework across all ICT systems, applications, infrastructure, and data platforms.
▪ Translates approved security policies, standards, and frameworks into system-level
security control requirements.
▪ Coordinates consistent application of security controls across ICT domains and
business units.
▪ Monitors adherence to information security policies and escalates non-compliance.
▪ Reviews security controls implemented within core and supporting systems (e.g. ERP,
customs, revenue, analytics platforms).
▪ Assesses security architecture, configuration, and integration controls at application
and database level.
▪ Identifies systemic and recurring security control weaknesses across systems.
▪ Supports governance reviews for new systems, upgrades, and system integrations.
▪ Reviews access control models, user provisioning processes, and segregation of
duties across systems.
▪ Conducts periodic security control assessments in line with approved assurance
plans.
▪ Coordinates vulnerability assessment and penetration testing activities from a
governance perspective.
▪ Assesses security risks arising from ICT change initiatives and digital transformation
projects.
▪ Assesses security controls implemented by ICT vendors, cloud providers, and service
partners.
▪ Reviews compliance with contractual and regulatory security requirements.
▪ Monitors remediation of third-party security gaps.
▪ Identifies and documents information security risks across systems and processes.
▪ Maintains accurate and up-to-date security risk and issue logs.
▪ Supports implementation and review of information security policies and standards.
▪ Contributes to cybersecurity awareness and training initiatives.
▪ Supports internal and external audits relating to information security governance.
▪ Tracks and monitors closure of security-related audit findings.
▪ Provides assurance inputs to support executive and Board reporting.
3.2 Job Skills and Competencies
▪ Ability to work under pressure,
▪ Ability to communicate at all levels,
▪ Ability to work both independently and as part of a team,
▪ Unquestionable integrity,
▪ Computer literacy.
3.3 Qualifications and Experience
▪ Bachelor’s degree in Information Security, Information Technology, Information
Systems, Computer Science, Cybersecurity, Finance, Business Management or a
related field.
▪ Postgraduate qualification in Information Security, Cybersecurity, Data Analytics,
Risk Management, or ICT Governance is an added advantage.
▪ Professional certification in Information Security or ICT Governance such as: CISM,
CISSP, ISO / IEC 27001 Lead Implementer or Lead Auditor, COBIT is a must.
▪ At least five (5) years of postgraduate experience in an ICT / Risk Management
environment.
▪ Training or certification in ICT risk or cybersecurity governance (added advantage).
▪ Experience in Customs / Domestic Taxes or Tax environment is an added advantage.
Interested candidates should submit applications, accompanied by a detailed Curriculum
Vitae by 28 March 2026. All applications should be emailed to:
ZimraRecruitment@zimra.co.zw clearly stating the position applied for and
addressed to:
The Director, Human Capital
Zimbabwe Revenue Authority
6th Floor ZB Centre
Corner First Street / Kwame Nkrumah Avenue
P. O. Box 4360
HARARE
Please note that only shortlisted applicants will be responded to and females are
encouraged to apply.