IT Risk & Security Head
The Position
Reporting to the Director, Information Technology, the purpose of the role is to safeguard KCB critical information infrastructure against external aggression from cyber criminals; respond to, resolve and recover from Cyber/IT Security incidents and attacks through proactive security incident monitoring; and deliver an appropriate IT business continuity & data back-ups management capability for the Bank in the event of a material business interruption.
Responsibilities
· Ensure the security of the core banking systems through adequate security management and administration measures.
· Develop and enforce IT policies, standards and procedures to ensure proper operations and maintenance of the IT assets.
· Implement appropriate transparency/escalation of all significant risks as appropriate in the weekly and monthly reports, and priority notifications to ensure minimum exposure to risk.
· Identifying risks via: analysis of monthly metrics and other indicators; review of IT conformance reports, security assessments, requests for policy/standard exceptions and health check results; responding to escalations and queries; regular discussions with the departments; and other means that may be available to ensure that appropriate measures are taken to mitigate exposure.
· Assessing identified risks in conjunction with other IT Departments, Information Risk and other Lines of Business to determine the impact/materiality in terms of financial loss/cost, reputation and/or regulatory risk and the likelihood and potential frequency of such risk occurring.
· Ensure appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues, and tracking these actions to completion.
· Participate in the annual IS and IT audit plan with the Internal Audit in order to take note of the areas to be addressed.
· Coordinate with internal and external auditors to ensure timely and responsive auditees, appropriate findings, and appropriate management responses and action plans.
· Coordinate with Operational Risk Control to ensure transparency of risks, appropriate measures in place to mitigate risks to within the Business risk appetite, and a positive and open working relationship.
· Providing guidance within the departments on topics related to ICT risk management such as achieving compliance with standards and policies, staying within the risk appetite of the KCB.
· Coordinating with the Departments to ensure all deadlines are met for core activities such as conformance, audits, regulatory reviews, priority initiatives, etc.
· Participation in the implementation of the Group Data Protection and Data Confidentiality programs.
· Responsible for implementing/establishing a process for safeguarding authentication devices against interference, loss and theft.
Qualifications
To be considered for the role, the successful applicant should have the following:
· Preferably a Bachelor’s Degree in ICT or Related Field from a recognized university. A Master’s Degree will be an added advantage.
· Must possess at least one security certification such as CISA, CISM, CISSP, CASP, BCM, Security +.
· A minimum of 10 years senior management experience in Information Technology with hands-on experience in:
1. 8 years’ experience in Core banking risk & security management,
2. 8 years’ experience in Active directory management,
3. 8 years’ experience in IT Security on operating systems and databases,
4. 8 years’ experience in IT BCM, Data Back Ups & Archival Management,
· Knowledge of web security architecture is essential.
· Knowledge and skills on encryption, VPN is essential.
· Knowledge of web programming languages and software & security architectures is desired.
· Strong leadership skills with demonstrated competencies in championing high performance.
· Superior communication and interpersonal skills.
IT Security Specialist
The Position
Reporting to the Senior Manager, IT Security, the IT Security Specialist will be responsible for innovation, implementation and support of systems that provide the tools for automating and securing the office environment throughout the KCB business.
Responsibilities
· Perform vulnerability assessment and penetration testing on the Bank's infrastructure and applications in a bid to ensure that they are secure from external or internal hacking attempts.
· Research on and provide technical security expertise on continuous persistent threats affecting the banking industry to the Senior Manager, IT Risk & Security and DDIT.
· Develop IT Security Policies, Minimum Baseline Security Standards in line with industry best practices and technologies, commensurate with risk and regulatory requirements and implementing the same cost effectively.
· Provide technical security related support to projects from inception through to successful implementation to ensure that security is built into the applications.
· Recognize and provide solutions for IT Security related problems by identifying abnormalities and reporting violations.
· Appropriately and practically defend the information enterprise in accordance with established policies, procedures, guidelines and practices.
· Monitor internal and external threats, examine logs, events and alerts generated by multiple platforms for anomalous activity, evidence of security incidents and other error conditions that may constitute a breach in security or degradation of integrity or confidentiality of KCB Information Technology systems and information assets.
· Continuously update the IT security monitoring and assessment as required in view of the latest hacking techniques, stay current on malware trends, especially in the financial industry, and adjust the assessment accordingly to reflect the latest trends.
· Support the implementation of procedural, operational and technical Security Architecture enhancements.
· Ensure compliance with security standards, PCI/DSS, FIBS.
Qualifications
For the above position, the successful applicant should have the following:
· Preferably a Bachelor’s Degree in ICT or Related Field from a recognized university. A Master’s Degree will be an added advantage.
· Must possess at least one security certification such as CISSP, CISM or COMPTIA+.
· MCSE and/or MCSD certification will be an added advantage.
· A minimum of 5 years supervisory experience in Information Technology with hands-on experience in:
1. Active Directory Management.
2. IT Security on operating systems and databases (UNIX, Microsoft, Oracle, SQL).
3. Knowledge and skills on encryption, VPN.
· Experience in Project Implementation and User Training is desired.
· Knowledge of web programming languages (ASP, .NET, JavaScript, etc.) will be an added advantage.
· Good customer service and willingness to travel.
· Wide knowledge of web application security.
· Excellent planning and organizing skills.
· Excellent problem analysis and attention to detail.
· Good knowledge of various Banking operations.
How to Apply
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered, your application must be received by Friday, 17th May 2019.
Qualified candidates with disability are encouraged to apply.
Only shortlisted candidates will be contacted.
NB: In the event that you are invited to interview for any positions, we will require that you provide us with the following documents:
· National I.D.
· KRA Pin Card
· Birth Certificate of self
· Passport Photo (White Background)
· NSSF Card
· NHIF Card
· Police Clearance Certificate (less than 5 Months old)
· Academic and Professional certificates, including official transcripts
· Certificates of Service from previous employers as applicable