Key Responsibilities
Recommend, implement, administer, optimize, and
support appropriate tools and solutions offering data loss prevention, and
information protection in compliance with the Bank’s policies and standards.
Continuously review, enforce, and report on database
and data store security controls that cover the major database management
systems such as Oracle, Microsoft SQL Server, MySQL, PostgreSQL.
Collaborate with the Cybersecurity Intelligence and
Security Operations Centre (CiSOC) in the continuous monitoring and defence of
the Bank’s data, information and databases from data leakage, intrusions,
unauthorized access, unauthorized modification as well as assist to detect,
report, and respond to data security violations/incidents.
Develop Data and Database Security Technical
Guidelines and Minimum Configuration Baseline Standards in line with industry
best practices and technologies commensurate with risk and regulatory
requirements and implementing the same cost effectively.
Implement and enforce technical security controls to achieve data protection objectives set out by the organization and regulatory requirements such as the Kenya Data Protection Act, and CBK Guideline for Cybersecurity
Define, create, and deliver compliance reports and
relevant metrics in Data Security & Privacy to senior management, including
violations, utilizing automation as deemed fit.
Provide data security and privacy related support to
projects from inception through to successful implementation in a bid to ensure
that data security and overall information protection measures are built in
from project inception.
Conduct continuous data security reviews and data
discovery assessments to determine any data security violations as well as
efficacy of implemented countermeasures.
Provide input into Information Security risk and
control self-assessments by leveraging specialized knowledge in data security,
databases, privacy, and information protection.
Research on and provide technical data security and
privacy expertise in the Group Information Security department, conduct data
security awareness and user training sessions across the group.
How To Apply