Skip to main content

Information Security Risk & Compliance Officer

KT Rwanda Networks Ltd

Incorporated in September 2013, KTRN is the 4G LTE Infrastructure Company in Rwanda jointly established by Government of Rwanda(GoR) and Korea Telecom (KT) in a Public Private Partnership, with the main mission to achieve GoR’s connectivity and coverage goals for broadband network and service.

Since its commercial launch in November 2014, KTRN has made commendable milestones both in network rollout as well as 4G service penetration.

Currently, KTRN boasts of the largest 4G Network coverage in Rwanda with more

than 98% of the national population coverage.

Besides 4G Services, the company operates the biggest fiber network spanning over 4000 km of fiber around the country covering all districts and borders of Rwanda and it is leased to all operators for their business operations & expansion.

KTRN’s network is the only network in Rwanda providing technology convergence, facilitating value creation to Businesses.

Rate this employer
Average: 4.1 (32 votes)

JOB VACANCY:

Position: Information Security Risk & Compliance Officer

Reports to: Information Security Manager

Type of Employment: Full-time

Job announcement Date: 9th July 2026

Role Summary:

The Information Security Risk & Compliance Officer drives the organization’s GRC programmes. You make sure security is well governed, risks are understood and managed, and the organization meets its legal, regulatory, and contractual obligations. You are the bridge between technical teams, management, and auditors, turning standards into clear policies and evidence.

Roles & Responsibilities:

  • Build and maintain the Information Security Management System (ISMS).
  • Write, review, and keep up to date security policies, standards, and procedures.
  • Report the organization’s risk and compliance posture to leadership with clear KPIs.
  • Plan and run risk assessments; identify, analyze, and prioritize risks.
  • Maintain the risk register and track treatment plans to completion.
  • Advise teams on controls needed to bring risks to an acceptable level.
  • Align the organization with standards and regulations (e.g. ISO/IEC 27001, NIST CSF, data protection laws, and local telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others).
  • Prepare for and support internal and external audits and certifications.
  • Audit the organization against the defined frameworks and run various assessments to verify and enforce regulatory obligations across all departments.
  • Manage findings, corrective actions, and evidence to closure.
  • Oversee third-party / vendor risk and compliance requirements.
  • Coordinate between IT, business units, legal / data protection, and auditors.
  • Support security awareness and training across the organization.
  • Establish and test business continuity and disaster-recovery arrangements (aligned with ISO 22301).
  • Coordinate security and privacy incident and breach reporting to regulators and authorities within required timelines.
  • Support data-protection activities, including data protection impact assessments (DPIAs) and records of processing.
  • Maintain the inventory and classification of information assets.
  • Monitor regulatory and standards changes and update the compliance programmes accordingly.
  • Oversee data protection, including records of processing, DPIAs, DSARs, and breach notifications.
  • Deliver security and role-based training among other policy bases awareness trainings.

Required Qualifications:

  • Having Bachelor’s Degree in Iinformation Technology, (IT) Security, Computer Science, Business Informatics, or a related field (Mandatory).
  • Professional certification such as ISO 27001 Lead Auditor / Implementer (Mandatory).
  • Certifications such as, CEH, CISA, CRISC, CISSP, GDPR, or CISM.

(Added advantage)

Required Experience:

  • 3+ years in information security governance, risk, and compliance (telecom or regulated industry preferred).
  • Good understanding of security standards and frameworks (e.g. ISO/IEC 2700x).
  • Understanding of local regulatory requirements, especially telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others, and the national data protection law.
  • Structured and analytical, able to work independently and manage multiple work streams.
  • Excellent documentation, report-writing, and communication skills; able to explain complex topics simply.
  • Experience with risk-assessment methodologies (e.g. ISO 27005).
  • Familiarity with data protection (GDPR) and regulatory frameworks (e.g. NIS2).
  • Experience preparing for audits and certifications.
  • Strong analytical skills and clear written and verbal communication

Application procedure:

Interested candidates are required to submit the following documents:

  • A signed application letter addressed to the Chief Executive Officer (CEO) of KTRN.
  • A copy of notarized required academic degree
  • A copy of a valid National Identity Card (ID);
  • A criminal Record
  • An updated Curriculum Vitae (CV) including at least three (3) professional referees and their contact details;
  • Supporting documents demonstrating the required work experience.
  • All application documents must be combined into a single PDF file and submitted via email to recruits@ktrn.rw no later than 16th July 2026 at 5:00 PM.
  • Only shortlisted candidates shall be contacted.

KTRN Management

Click on the APPLY button to send your application documents:
  • Your application will be sent to the employer immediately (Allowed formats: .doc .pdf .txt .docx)
  • A confirmation email will be sent to you few minutes afterwards
  • You can request any documents archived from our website (ex: a job description, a CV, a cover letter...)