We Are Hiring!!
Submit CV Here
KCB Group Plc was registered as a non-operating holding company to oversee all KCB regional units including KCB Bank Kenya, Tanzania, South Sudan, Uganda, Rwanda, Burundi and Ethiopia. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation and all associate companies.
Head, IT Risk & Security
Reporting to the Director, Information Technology, the purpose of the role is to safeguard KCB critical information infrastructure against external aggression from cyber criminals; respond to, resolve and recover from Cyber/IT Security incidents and attacks through proactive security incidence monitoring and also deliver an appropriate IT business continuity & data back-ups management capability for the Bank in the event of a material business interruption.
- Ensure the security of the core banking systems through adequate security management and administration measures.
- Develop and enforce IT policies, standards and procedures to ensure proper operations and maintenance of the IT assets.
- Implement appropriate transparency/escalation of all significant risks as appropriate in the weekly and monthly reports, and priority notifications to ensure minimum exposure to risk.
- Identifying risks via: analysis of monthly metrics and other indicators; review of IT conformance reports, security assessments, requests for policy/standard exceptions and health check results; responding to escalations and queries; regular discussions with the departments; and other means that may be available to ensure that appropriate measures are taken to mitigate exposure.
- Assessing identified risks in conjunction with other IT Departments, Information Risk and other Lines of Business to determine the impact/materiality in terms of financial loss/cost, reputation and/or regulatory risk and the likelihood and potential frequency of such risk occurring.
- Ensure appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues, and tracking these actions to completion.
- Participate in the annual IS and IT audit plan with the Internal Audit in order to take note of the areas to be addressed.
- Coordinate with internal and external auditors to ensure timely and responsive auditees, appropriate findings, and appropriate management responses and action plans.
- Coordinate with Operational Risk Control to ensure transparency of risks, appropriate measures in place to mitigate risks to within the Business risk appetite, and a positive and open working relationship.
- Providing guidance within the departments on topics related to ICT risk management such as achieving compliance with standards and policies, staying within the risk appetite of the KCB.
- Coordinating with the Departments to ensure all deadlines are met for core activities such as conformance, audits, regulatory reviews, priority initiatives, etc.
- Participation in the implementation of the Group Data Protection and Data Confidentiality programs.
- Responsible for implementing/establishing a process for safeguarding authentication devices against interference, loss and theft.
- To be considered for the role, the successful applicant should have the following:
- Preferably a Bachelor’s Degree in ICT or Related Field from a recognized university. A Master’s Degree will be added advantage.
- Must possess at least one security certification such as CISA, CISM, CISSP, CASP, BCM, Security +.
- A minimum of 10 years senior management experience in Information Technology with hands on experience in:
- 8 years’ experience in Core banking risk & security management,
- 8 years’ experience in Active directory management,
- 8 years’ experience in IT Security on operating systems and databases,
- 8 years’ experience in IT BCM, Data Back Ups & Archival Management,
- Knowledge of web security architecture is essential.
- Knowledge and skills on encryption, VPN is essential.
- Knowledge of web programming languages and software & security architectures is desired.
- Strong leadership skills with demonstrated competencies in championing high performance.
- Superior communication and interpersonal skills.
IT Security Specialist
Reporting to the Senior Manager, IT Security; the IT Security Specialist will be responsible for innovation, implementation and support of systems that provide the tools for automating and securing the office environment throughout the KCB business.
- Perform vulnerability assessment and penetration testing on Banks infrastructure and applications in a bid to ensure that they are secure from external or internal hacking attempts.
- Research on and provide technical security expertise on continuous persistent threats affecting the banking industry to the Senior Manager, IT Risk & Security and DDIT.
- Develop IT Security Policies, Minimum Baseline Security Standards in line with industry best practices and technologies, commensurate with risk and regulatory requirements and implementing the same cost effectively.
- Provide technical security related support to projects from inception through to successful implementation to ensure that security is in built into the applications.
- Recognize and provide solutions for IT Security related problems by identifying abnormalities and reporting violations.
- Appropriately and practically defend the information enterprise in accordance with established policies, procedures, guidelines and practices.
- Monitor internal and external threats, examine logs, events and alerts generated by multiple platforms for anomalous activity, evidence of security incidents and other error conditions that may constitute a breach in security or degradation of integrity or confidentiality of KCB Information Technology systems and information assets.
- Continuously update the IT security monitoring and assessment as required in view of the latest hacking techniques & also stay current on malware trends especially in the financial industry and also adjust the assessment accordingly to reflect the latest trends.
- Support the implementation of procedural, operational and technical Security Architecture enhancements.
- Ensure compliance to security standards, PCI/DSS, FIBS.
For the above position, the successful applicant should have the following:
- Preferably a Bachelors Degree in ICT or Related Field from a recognized university. A Master’s Degree will be added advantage.
- Must possess at least one security certification such as CISSP, CISM or COMPTIA+.
- MCSE and/or MCSD certification will be an added advantage.
- A minimum of 5 years supervisory experience in Information Technology with hands on experience in:
- Active Directory Management.
- IT Security on operating systems and databases (UNIX, Microsoft, Oracle, SQL).
- Knowledge and skills on encryption, VPN.
- Experience in Project Implementation and User Training is desired.
- Good customer service and willingness to travel.
- Wide knowledge of web application security.
- Excellent planning and organizing skills
- Excellent problem analysis and attention to detail.
- Good knowledge of various Banking operations.
Method of Application
Use the link(s) / email(s) below to apply on company website.