Key Responsibilities

• Day to day Informational risk management process through conducting risk workshops with business and IT to identify, assess, manage, monitor and report risks on a continued basis.
• Ensure that implemented systems are in line with KCB systems development life cycle as per KCB Information Security policy.
• Liaise with Risk Heads in subsidiaries with a view of ensuring that Group IT standards are met.
• Proactively anticipate potential threats and vulnerabilities and provide guidance in coordination with IT department on effective responses or control measures within subsidiaries.
• Reporting on incidents and complaints about ICT services.
• Conduct periodic IT risk assessments to ensure that all risks have been identified have been brought to the attention of management and appropriate control measures implemented to mitigate the risks in subsidiaries.
• Evaluate the technological direction and ensure the bank is positioned to take advantage of emerging technologies.
• Pre- and post-implementation review of ICT or ICT related projects for Kenya and subsidiaries.
• Review of Information Systems audit reports and tracking implementation of the recommendations thereof.
• Provide information risk consultation and guidance during system, application development and e-product development to assure that security concerns are addressed in the process.
• Management and maintenance of Informational risk management database.

The Person

For the above position, the successful applicant should have the following:

• Bachelor’s degree in information technology, Electrical Engineering, Computer Science, or Business
• Professional Qualifications in Information Risk, Security, and Business Continuity Management (BCM)
• Relevant certifications in Information Security and Risk Management such as CRISC, CISM, CISSP, CISA, or equivalent
• Master’s Degree in IT, MBA, or Computer Science (Advantageous)
• 5 years of Total Minimum Experience
• 5 years in Information Technology
• 4 years in Information Risk / IT Security / IT Audit
• 4 years in Information Risk Reviews & Vulnerability Assessments
• 4 years in Red Team Exercises and/or Penetration Testing
• 3 years in Stakeholder Management
• 2 years in People Management