Manager, IT Security
JOB SUMMARY
The role-holder is responsible for managing Information security solutions implementation, architecture and cyber security strategy of the bank. The individual would be involved in the identification, analysis, evaluation, life-cycle management and adoption of security technologies and would be entrusted with providing guidance on security features and controls for IT solutions deployed in the Bank.
Duties & Responsibilities
FINANCIAL – 10%
- Ensure that the Bank is protected and least exposed to fraud losses by implementing technology prevention and detection measures.
- Develop and design Information Security Strategy that ensures IT control procedures are in place for technology and information systems that affect the management of IT processes such as change management, disaster recovery and security.
CUSTOMER – 40%
- Documents, disseminates and maintains the system risk governance methodology, the Information Security Policy, Standards and procedures in line with minimum Baseline Security Standards set, regulatory requirements and industry best practices.
- Maintains and enforces the IT systems risk management and Information Security risk management framework/methodology.
- Promotes and continuously improves IT systems risk-related activities and controls.
- Assists in addressing any regulatory, legal and commercial obligations and challenges that may arise.
- Communicates regularly with management to ensure support for the information security program and IT related projects.
OPERATIONAL – 30%
- Creates and manages an enterprise-wide Information Security awareness campaign by providing training.
- Identifies and analyzes system vulnerabilities in order to manage and mitigate risks.
- Establishes, reviews and verifies Information Security risk related policies, standards and procedures documentation on a regular basis. Monitors and records in the IT security risk register compliance with the Security Standards, Policies and architecture.
- Ensures proper information security clearance is undertaken in accordance with established bank information security policies and procedures.
- Performs or organizes the system risk assessments and gap analysis for all technologies, products, services and new departments/functions introduced via selected vendors.
- Proactively identifies technology risks via timely analysis and development of appropriate metrics and other key risk indicators, information security assessments, review of requests for policy or standard exceptions and health check results.
- Implements Information Security tools and methods necessary to support the bank’s Information Security Strategy.
LEADERSHIP – 20%
- Develops and reports appropriate Technology Security metrics to executive management for information, awareness and decision making.
- Manages on a regular basis all outsourced security information vendors of the Bank in relation to the agreed SLAs and contractual agreements.
- Coordinates the communication of the information security awareness campaign to all members of staff.
- Coordinates with all IT security vendors, external auditors, user departments and executive management to review and enhance information security management posture in the Bank.
KEY RELATIONSHIPS
Direct Reports to this Position
- Assistant Manager, Information Security
- Senior Officer, Information Security
Customers of this Position
- Information Technology team
- Bank Management teams
- All Staff
- SBM Group Management teams
- Auditors, both internal and external
- Security and Fraud Managers, Investigators from the Police Service, Directorate of Criminal Investigation and BFID.
- Regulators such as Central Bank of Kenya, Capital Markets Authority, Insurance Regulatory Authority and any other regulatory bodies in Kenya.
Knowledge, Skills and Experience required for this Role
- A Bachelor of Science degree in Computing or related degree from a recognised University.
- Possession of MBA or M.Sc. will be an added advantage.
- Must possess at least one internationally recognizable IT security certification such as CISM, CISSP, CISA, CASP, MCSE, CEH or Security+.
- A minimum of 5 years’ experience in Information Technology, three (3) of which must be in IT Security Management with hands-on experience in:
- Managing IT security for core banking systems such as Flexcube, Oracle, T24, Finacle etc.
- Managing software and security architectures such as SOCs, SIEM, PIM/PAM, EDRs and NAC solutions.
- IPS and vulnerability testing tools.
- Active Directory management.
- IT Security on operating systems and databases (UNIX, Microsoft, Oracle, SQL).
- Wide knowledge of web security architecture
- Knowledge and skills on encryption and VPN provision and management.
Competencies required for this Role
1. Excellent verbal and written communication skills with technical and nontechnical staff, end-users, and senior management.
2. Strong teamwork skills to maintain strong working relationships within and outside Risk & Compliance division, to develop a results-oriented work environment.
3. Excellent follow-up skills to see tasks through to resolution, and communicate problem status to end users such as notification of completion, notification of delay, and explaining rationale for IT related projects.
4. Excellent analytical solving skills.
5. Excellent organizational skills, prioritizing and managing multiple tasks.
6. Offer and accept feedback and constructive suggestions.
How to Apply
Closing Date 13 December 2022.