National Bank Senior Manager (ICT Risk) Job Vacancy in Kenya

National Bank – A Subsidiary of KCB Group Plc

Open Vacancy: Senior Manager, ICT Risk

1 Available Position

Job Ref No. HR/056/2022

Division: Risk

Location: Head Office

Reporting to: Director Risk

Position Scope: The successful candidate will play a key role in assessing and enhancing the organization’s cybersecurity and technology risk posture by leading the identification and assessment of enterprise-level technology and cybersecurity risks.

This includes assessing potential cybersecurity and technology risks associated with critical business processes, identifying potential impacts to those processes, and engaging with diverse stakeholders to develop mitigation plans where necessary.

In addition to coordinating risk assessment activities, this role will involve developing reports on assessment results and presenting these results to executives and other stakeholders.

Key Responsibilities:

  • Review and implement an ICT Risk Management Framework.
  • Conduct system vulnerability tests in line with Bank policies and global standards and report to management on vulnerability and protection against malware and hackers.
  • Identify and assess risks, design mitigation controls and monitor the risks till closure.
  • Clearly document and define risks and their potential impact alongside the statistical probability of such an event, and identify systems affected by the defined risk.
  • Conduct system penetration testing for various stages of the system development lifecycle to ensure integrity, availability and assurance of the systems and technical processes.
  • Perform a review on compliance with ICT security policies across the technology ecosystem.
  • Evaluate security policy, processes and procedures for completeness and assess their applicability.
  • Continuously evaluate communication security, data vulnerability and business continuity, and examine employee compliance with security controls and deficiencies.
  • Collaborate and consult with first-line IT teams and business teams to enhance internal control processes, risks and controls.
  • Identify, review and articulate business risks associated with technical vulnerabilities and risks, including IT risks, controls, improvements and opportunities in support of business.
  • Test and assess adequacy and effectiveness of control structure, along with practical recommendations to improve the effectiveness, and efficiency of a control or process.
  • Monitor and report on IT risk remediation progress, escalating to senior management where necessary.
  • Carry out and/or lead related second-line Information Security and Technology risk management activities as assigned, including cyber security risk assessments, SOC2 reviews, privacy assessments, technology selections & implementations, and data analysis.
  • Skilled in leading complex discussions across technology and business with subject matter experts, driving towards clear and documented solutions and timelines.
  • Keep abreast of current advances in all areas of ICT security.
  • Partner with Enterprise or Core IT and Business technology organizations to identify, measure, mitigate, monitor and report information, technology, and cybersecurity risks including deep dives, targeted reviews, testing of control monitoring plans.
  • Oversee specific domains within IT ensuring adoption of relevant Standards, Processes, Procedures, tech control library required to meet risk framework objectives.
  • Assist with preparation of responses to technology related regulatory requests and participate in regulatory / external audit reviews.

Education, Professional Qualifications, Experience & Skills

  • Bachelor’s degree (or higher) in Computer Science, Information Systems or related field.
  • Master’s degree in Information Systems/Cyber Security is preferred.
  • CISA, CISM, CISSP, CIA, CRISC, CGEIT certifications are highly preferred.
  • A member of a professional risk or accounting body.
  • Advanced skills in MS Excel.
  • 5-7 years of Information Security and/or IT Audit experience with a financial institution, a fintech company, or a provider to the financial services.
  • Three (3) years of experience with, and current knowledge of, best-practice IT controls and industry-standard models (e.g., COBIT5, ITIL, NIST) and proven understanding of regulatory requirements.
  • Expert in security practices, the design of secure systems and the operation of security processes and technology.
  • Subject matter expertise in two or more: DevOps, microservices, hybrid cloud, SDWAN/SASE/network segmentation, AI/ML.
  • Cloud security experience highly desired.
  • Solid understanding of inherent and residual risk management principles, including experience with control design, operation, and effectiveness testing.
  • Implementation of industry best practices, risk frameworks, and regulatory guidelines such as FFIEC, NIST, COBIT, FAIR etc. preferred.
  • Excellent interpersonal skills / team player.
  • Experience managing a diverse team of subject matter experts across a broad set of security specialties.

How to Apply:

Send your CV and application letter showing how you meet the role requirement stated above to: by Tuesday, 9th August 2022.

Please note that applications received after the deadline will not be considered.

Only shortlisted candidates will be contacted for the next stage/s of the process.