Monitoring & Control Credit Risk Officer
Branch: Kilimani Branch – Head Office
Department: ERM
Reports to: Enterprise Risk Management, Head
Credit Risk Officer – Monitoring & Control
Job Purpose:
To monitor the performance of the portfolio and report to the various committees such as the Board Credit, Management, Management Credit, and Remedial Committees of the bank.
To oversee implementation of Climate risk and related Environmental and Social Risks in Credit and report to the various stakeholders.
KEY RESPONSIBILITIES AND ACTIVITIES
- Monitoring the performance of the various Business segments’ credit Portfolio to ensure that the asset quality is maintained and improved within the benchmarked thresholds on PAR, delinquency and Migration to ensure provision costs are within set targets.
- Monitoring the performance of pre-90 accounts in order to identify unique cases for write-offs/write-downs, upgrades, restructures and waiver of arrears on contracts that qualify.
- Ensuring that the interest rates for facilities are correctly allocated, that the provisions are adequate for every contract and that the excess provisions are written back.
- Engaging with the debtors through meetings, visits, calls and correspondence in order to draft repayment plans, identify cases that require statutory or legal actions and recommend accordingly.
- Ensuring the business has a proper debt recovery and collection strategy on nonperforming assets through customer follow-ups.
- Ensure business units are complying with internal policies and procedures to ensure that customer credit appraisals are of high quality to minimize lending risks through top-notch KYC/AML checklists and also loans advanced are within the bank lending policies.
- For trade finance products, closely monitoring the fees and commissions that are being collected as required.
- For check-off loans in order to recommend actions for dropped, partially adopted or non-adopted loans as well as recommend waiver and restructuring for check-off loans that are receiving correct payments
- Ensure compliance to credit limits and processes, debtors’ compliance to covenants
- Review and recommend improvements to bank credit processes, checklists, reports, limits utilization, and approvals
- Perform risk analysis on Loan documentation and processing, Securities perfection of secured loans, financial analysis on the loan application.
- Implementation of Climate risk and related Environmental and Social Risks in Credit and reporting to the various stakeholders.
NETWORKING
Direct Reporting of this position: ERM Head.
Direct Reports to this position: NIL
Customers of this Position: Internal Customers – Business staff, management / External Customers – Debt collectors, customers
DECISION MAKING
- Asset quality below the benchmarked thresholds on PAR, delinquency and Migration and provision costs are not within set threshold.
- Unique cases for write-offs/write-downs, upgrades, restructures and waiver of arrears on contracts that qualify
- Allocation of interest rates for facilities is correct and provisions are adequate for every contract
- Identify cases that require statutory or legal actions and recommend accordingly
- Proper debt recovery and collection strategy on nonperforming assets through customer follow-ups for the business.
- Compliance level of the business with internal policies, procedures and limits
- Revenue leakage for fees and commissions collected, provisions writebacks, and interest charged on loans
- Identify gaps in the implementation of CBK Prudential guidelines on credit management, climate risk management in the banking sector and requirements of the banking sector charter
ACADEMIC BACKGROUND:
- First Degree preferably in Finance, Commerce or business or other related fields.
- Grasp on CBK Prudential guidelines, credit management in the banking sector
WORK EXPERIENCE
- Minimum of 3 years in risk management, credit department in the banking industry.
SKILLS & COMPETENCIES
- Product knowledge of structured financial products, risk pricing, and equity investments.
- Familiarity with credit-enhancing mechanisms, risk mitigation and treatment of collateral regarding credit and investment exposures.
- In-depth knowledge of credit risk-related financial analysis, procedures, and systems in complex global financial services settings.
- Proven skills and working experience in risk assessment practices
- A solid understanding of credit and risk management; detail-oriented; quantitative analysis skills would be an advantage.
- Good oral and written communication skills in English.
PROFESSIONAL CERTIFICATION REQUIRED
- Certified Public Accountant
- Risk certifications are an added advantage
How To Apply
Interested and qualified? Go to Sidian Bank on sidianbank.co.ke to apply
Chief Information Security Officer & Data Privacy Officer
Branch: Kilimani Branch – Head Office
Department: ERM
Reports to: Head ERM
Chief Information Security Officer & Data Privacy Officer
JOB PURPOSE
To oversee the protection of bank and customer data, as well as the protection of infrastructure and assets from malicious actors. Serves as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information in compliance with the bank’s information security policies.
KEY RESPONSIBILITIES
- Strategy
- Audit and Compliance
- Policies Standards and Procedure
- Change Management and Change Catalyst
- Data Protection/Privacy
- Information Security Awareness Training
- Risk Management
- Security Operation Center SOC
- Business Continuity and Disaster Recovery
- Identity and Access Management
- Incident Reporting
- Cyber security
MAIN ACTIVITIES
- Strategy
  - Draw out and implement a 5-year strategy plan towards the organization’s certification on ISMS – ISO27001
  - Draw out a yearly budgetary proposal towards mitigating Technology Risk in the organization
  - Keep up to date with the latest security and technology developments
  - Research/evaluate emerging security threats and ways to manage them
- Audit and Compliance
  - Leading auditing and security compliance initiatives.
  - Ensure that an annual Central Bank of Kenya (CBK) Cyber Security Compliance Report is provided
  - Drive the testing and evaluation of security products
- Policies Standards and Procedure
  - Develop information security policies and standards, and ensure they are up to date, in place and followed through their socialization
- Change Management and Change Catalyst
  - Introduce security risk assessment in the product development lifecycle
  - Introduce NDA compliance from all the vendors
  - Vendor Minimum Security Baseline Evaluation
  - Implement an annual KPI checklist and vendor risk management for vendors
  - Design new security systems or upgrade existing ones
- Data Protection/Privacy
  - Develop a Strategy for Data Privacy Compliance and walk through its implementation.
  - Data Protection Awareness Champion.
  - Conducting Data Mapping and Data Protection Impact Assessment.
- Information Security Awareness Training
  - Develop an Information Security Awareness program, prepare a curriculum for different sets of users and execute the program
- Risk Management
  - Maintain an information security risk register for the business
  - Ensuring security on all platform infrastructure and external integrations
- Security Operation Center SOC
  - Implement Information Security Incident Management program
  - Operationalize a SOC and implement a SIEM
  - Identify potential weaknesses and implement measures, such as firewalls and encryption
  - Implement alert closure programs in Netguardians (Fraud) solution.
  - Implement End Point Security including data leak prevention, mobile device management
  - Monitor and respond to phishing emails and pharming activity
  - Analysis and Monitoring of entry points, activity logs, internal environments, and databases.
  - Vulnerability Assessment and Penetration Testing schedule and timetable
- Business Continuity and Disaster Recovery
  - Update and implement a business continuity plan for the business.
  - Conduct Business Impact Assessment and define RPO and RTOs for the business.
  - Execute tabletop and actual disaster recovery plan tests for people, systems, processes.
  - Conduct drills and work on areas of improvement.
- Identity and Access Management
  - Onboarding and off-boarding of Assets
  - User provisioning/de-provisioning and Privileged Access management.
  - Develop a role-based access control matrix
- Incident Reporting
  - Update and implement an incident reporting mechanism and plan for the business
  - Incident reporting to CBK as required
  - Investigate security alerts and provide incident response.
- Cyber security
  - Use advanced analytic tools to determine emerging threat patterns and vulnerabilities
  - Engage in ethical hacking, for example, simulating security breaches
  - Generate reports for both technical and non-technical staff and stakeholders.
  - Data Security and Fraud Prevention.
DECISION-MAKING AUTHORITY
- Subject matter expert on Information Security, cyber security, and data Privacy
- Facilitate the following training:
  - User awareness training for all staff
  - Professional cyber-related training for technical staff
  - Cybersecurity training and updates for Board Members
  - Cybersecurity awareness for customers, suppliers, partners, outsourced service providers, and other third parties.
- Submit the required cybersecurity regulatory returns to the Central Bank of Kenya, as per the prescribed timelines.
- Ensure timely and comprehensive reports to the CEO, Senior Management, Board Audit Risk Management Committee, and the Board. These reports should be submitted at least quarterly.
- Design and periodically review the Bank’s cybersecurity program
- Support the submission of the following to the Board for approval, at least annually:
  - Cybersecurity strategy/risk management plan.
  - Cyber security policy and framework, or revisions thereof
  - Cybersecurity risk assessments and risk appetite
  - Cybersecurity budget
- Design cybersecurity controls with the consideration of users at all levels of the organization and advise the Business. Follow up with the responsible functions for implementation.
- Ensure that a business develops a cyber asset register that classifies its cybersecurity assets. Critical assets should be identified.
- Identify and facilitate compliance to data protection/data privacy requirements.
- Manage the Security Operations Centre of the Bank to perform operational information security monitoring, testing, and threat intelligence. Where this function is outsourced, conduct oversight over and provide directions to any third-party service provider to whom this is outsourced.
- As the cybersecurity coordinator, perform the following roles:
  - Regularly review the Bank’s incident response plan. This should include a data breach response plan.
  - Regularly review the composition of the CSIRT
  - Train CSIRT members on their roles and responsibilities
  - Conduct regular tests and report test results to senior management, Board Risk Management Committee, and Board Audit Committee.
- Liaise with the Business Continuity Co-ordinator and the ICT function to ensure that adequate disaster recovery measures are in place i.e. functioning Disaster recovery site and adequate backups of critical IT systems and data in line with the required Recovery Time and Recovery Point Objectives.
ACADEMIC BACKGROUND
- A minimum of a Bachelor’s degree in Information Technology, Computer science, Cybersecurity, business, or related fields.
- A Master’s degree in IT security will be an added advantage.
WORK EXPERIENCE
- 3-5 years Banking Experience
- Knowledgeable in IT operations
- Proficient in IS Security
- Knowledge of Data Protection laws & General Data Protection Regulations (GDPR) is an added advantage.
SKILLS & COMPETENCIES
- Excellent interpersonal & Communication Skills.
- Working in Teams.
- Excellent analytical skills.
- Organization skills.
- Problem-solving skills.
- Excellent knowledge of security tools.
- Report writing skills.
PROFESSIONAL CERTIFICATION
- Professional qualification such as Certified Information Systems Security Professional CISA, Certified Information Systems Security Professional CISM or Certified Information Systems Security Professional (CISSP).
- Member of ISACA.
How To Apply
Interested and qualified? Go to Sidian Bank on sidianbank.co.ke to apply