Reporting to the Director, Information Technology, the purpose of the role is to safeguard KCB critical information infrastructure against external aggression from cyber criminals; respond to, resolve and recover from Cyber/IT Security incidents and attacks through proactive security incident monitoring; and deliver an appropriate IT business continuity & data back-ups management capability for the Bank in the event of a material business interruption.
Responsibilities
Ensure the security of the core banking systems through adequate security management and administration measures.
Develop and enforce IT policies, standards and procedures to ensure proper operations and maintenance of the IT assets.
Implement appropriate transparency/escalation of all significant risks as appropriate in the weekly and monthly reports, and priority notifications to ensure minimum exposure to risk.
Identifying risks via: analysis of monthly metrics and other indicators; review of IT conformance reports, security assessments, requests for policy/standard exceptions and health check results; responding to escalations and queries; regular discussions with the departments; and other means that may be available to ensure that appropriate measures are taken to mitigate exposure.
Assessing identified risks in conjunction with other IT Departments, Information Risk and other Lines of Business to determine the impact/materiality in terms of financial loss/cost, reputation and/or regulatory risk and the likelihood and potential frequency of such risk occurring.
Ensure appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues, and tracking these actions to completion.
Participate in the annual IS and IT audit plan with the Internal Audit in order to take note of the areas to be addressed.
Coordinate with internal and external auditors to ensure timely and responsive auditees, appropriate findings, and appropriate management responses and action plans.
Coordinate with Operational Risk Control to ensure transparency of risks, appropriate measures in place to mitigate risks to within the Business risk appetite, and a positive and open working relationship.
Providing guidance within the departments on topics related to ICT risk management such as achieving compliance with standards and policies and staying within the risk appetite of KCB.
Coordinating with the Departments to ensure all deadlines are met for core activities such as conformance, audits, regulatory reviews, priority initiatives, etc.
Participation in the implementation of the Group Data Protection and Data Confidentiality programs.
Responsible for implementing/establishing a process for safeguarding authentication devices against interference, loss and theft.
Qualifications
To be considered for the role, the successful applicant should have the following:
Preferably a Bachelor’s Degree in ICT or Related Field from a recognized university. A Master’s Degree will be an added advantage.
Must possess at least one security certification such as CISA, CISM, CISSP, CASP, BCM, Security+.
A minimum of 10 years senior management experience in Information Technology with hands-on experience in:
8 years’ experience in Core banking risk & security management,
8 years’ experience in Active directory management,
8 years’ experience in IT Security on operating systems and databases,
8 years’ experience in IT BCM, Data Back Ups & Archival Management.
Knowledge of web security architecture is essential.
Knowledge of and skills in encryption and VPN are essential.
Knowledge of web programming languages and software & security architectures is desired.
Strong leadership skills with demonstrated competencies in championing high performance.
Superior communication and interpersonal skills.