Manager, IT Security Job in Kenya

Manager, IT Security

JOB SUMMARY

The role-holder is responsible for managing Information security solutions implementation, architecture and cyber security strategy of the bank. The individual would be involved in the identification, analysis, evaluation, life-cycle management and adoption of security technologies and would be entrusted with providing guidance on security features and controls for IT solutions deployed in the Bank.

Duties & Responsibilities

FINANCIAL – 10%

  • Ensure that the Bank is protected and least exposed to fraud losses by implementing technology prevention and detection measures.
  • Develop and design Information Security Strategy that ensures IT control procedures are in place for technology and information systems that affect the management of IT processes such as change management, disaster recovery and security.

CUSTOMER – 40%

  • Documents, disseminates and maintains the system risk governance methodology, the Information Security Policy, Standards and procedures in line with minimum Baseline Security Standards set, regulatory requirements and industry best practices.
  • Maintains and enforces the IT systems risk management and Information Security risk management framework/methodology.
  • Promotes and continuously improves IT systems risk-related activities and controls.
  • Assists in addressing any regulatory, legal and commercial obligations and challenges that may arise.
  • Communicates regularly with management to ensure support for the information security program and IT related projects.

OPERATIONAL – 30%

  • Creates and manages an enterprise-wide Information Security awareness campaign by providing training.
  • Identifies and analyzes system vulnerabilities in order to manage and mitigate risks.
  • Establishes, reviews and verifies Information Security risk related policies, standards and procedures documentation on a regular basis. Monitors and records in the IT security risk register compliance with the Security Standards, Policies and architecture.
  • Ensures proper information security clearance is undertaken in accordance with established bank information security policies and procedures.
  • Performs or organizes the system risk assessments and gap analysis for all technologies, products, services and new departments/functions introduced via selected vendors.
  • Proactively identifies technology risks via timely analysis and development of appropriate metrics and other key risk indicators, information security assessments, review of requests for policy or standard exceptions and health check results.
  • Implements Information Security tools and methods necessary to support the bank’s Information Security Strategy.

LEADERSHIP – 20%

  • Develops and reports appropriate Technology Security metrics to executive management for information, awareness and decision making.
  • Manages on a regular basis all outsourced security information vendors of the Bank in relation to the agreed SLAs and contractual agreements.
  • Coordinates the communication of the information security awareness campaign to all members of staff.
  • Coordinates with all IT security vendors, external auditors, user departments and executive management to review and enhance information security management posture in the Bank.

KEY RELATIONSHIPS

Direct Reports to this Position

  • Assistant Manager, Information Security
  • Senior Officer, Information Security

Customers of this Position

  • Information Technology team
  • Bank Management teams
  • All Staff
  • SBM Group Management teams
  • Auditors both internal and external
  • Security and Fraud Managers, Investigators from the Police Service, Directorate of Criminal Investigation and BFID.
  • Regulators such as Central Bank of Kenya, Capital Markets Authority, Insurance Regulatory Authority and any other regulatory bodies in Kenya.

Knowledge, Skills and Experience required for this Role

  • A Bachelor of Science degree in Computing or related degree from a recognised University.
  • Possession of MBA or M.Sc. will be an added advantage.
  • Must possess at least one internationally recognizable IT security certification such as CISM, CISSP, CISA, CASP, MCSE, CEH or Security+.
  • A minimum of 5 years’ experience in Information Technology, three (3) of which must be in IT Security Management with hands-on experience in:
  • Managing IT security for core banking systems such as Flexcube, Oracle, T24, Finacle etc.
  • Managing software and security architectures such as SOCs, SIEM, PIM/PAM, EDRs and NAC solutions.
  • IPS and vulnerability testing tools.
  • Active Directory management.
  • IT Security on operating systems and databases (UNIX, Microsoft, Oracle, SQL).
  • Wide knowledge of web security architecture.
  • Knowledge and skills on encryption and VPN provision and management.

Competencies required for this Role

1. Excellent verbal and written communication skills with technical and nontechnical staff, end-users, and senior management.

2. Strong teamwork skills to maintain strong working relationships within and outside Risk & Compliance division, to develop a results-oriented work environment.

3. Excellent follow-up skills to see tasks through to resolution, and communicate problem status to end users such as notification of completion, notification of delay, and explaining rationale for IT related projects.

4. Excellent analytical solving skills.

5. Excellent organizational skills, prioritizing and managing multiple tasks.

6. Offer and accept feedback and constructive suggestions.

How to Apply

Closing Date 13 December 2022.
