ICT Risk Officer job at Family Bank Ltd

Vacancy title: ICT Risk Officer
Jobs at: Family Bank Ltd
Type: FULL_TIME, Industry: Banking, Category: Computer & IT
Duty Station: Nairobi, 00100, Kenya
Date Posted: 2025-05-15T10:41:00+00:00
Deadline of this Job: 2025-05-18T17:00:00+00:00
Base Salary: Not disclosed (KES, per month)
Work Hours: 8

Job Purpose:

  • The holder will play a critical role in the identification, assessment, and mitigation of information and communication technology (ICT) risks within the Bank. The role involves conducting risk assessments, developing and implementing risk management strategies, and fostering a culture of security and compliance.

Key Responsibilities: 

  • Assisting in maintaining a current enterprise-wide knowledge base of the Bank's users, devices, applications and their relationships, including but not limited to:
    • Software and hardware asset inventory.
    • Network maps (including boundaries, traffic and data flow).
    • Network utilization and performance data.
  • Conducting daily security reviews and cyber risk assessments that consider people (i.e. employees, customers, outsourcing and other external parties), processes, projects, change, data and technology across all the Bank's business lines and locations.
  • Assisting in maintaining and overseeing policies, processes and control techniques to address all applicable cyber security risks.
  • Assisting in entrenching and reinforcing a bank-wide cyber security awareness culture.
  • Assisting in sustaining the cyber security risk champions program.
  • Communicating noted incidents to the CRO in a timely fashion.
  • Assisting in capturing, maintaining, updating and monitoring cyber security risks in a single risk register, and tracking closure of issues raised by external and internal ICT audits.
  • Ensuring monthly collation of data on the KRIs for ICT operations, ICT projects and reputational risks.
  • Maintaining and updating network security dashboards daily.
  • Recommending improvements to security review programs.
  • Assisting in implementing the institution's cyber security program and enforcing the cyber security policy.
  • Assisting in designing cyber security controls with consideration for users at all levels of the organization, including internal users (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
  • Reviewing compliance with the Bank's ICT risk standards and, where appropriate, implementing actions to protect the Bank's business at all times.
  • Reviewing daily and ensuring that all servers, routers, switches, firewalls and user PCs are up to date with the latest patches and antivirus, and that all unnecessary services and applications are disabled or uninstalled.
  • Conducting daily reviews of privileged user access and activities in line with the privileged access management standard, and sensitizing users on the use of strong passwords on all systems.
  • Conducting monthly reviews of system user accounts and confirming conformity with HR staff lists, to ensure that everyone with access to confidential files is truly authorized; this includes reviewing the allocation of user profiles for all applications.
  • Conducting daily network monitoring to ensure only authorized traffic is allowed.
  • Carrying out weekly penetration tests and vulnerability assessments to ensure IT systems are secure, and reporting to the CRO on significant trends and vulnerabilities.
  • Championing resolution of issues raised in ICT audits and in self-assessments on ICT, project and reputational risk.
  • Conducting root cause analysis on any risk exposures noted to ensure no repeat instances arise.
  • Continuously testing disaster recovery and Business Continuity Plan (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
  • Assisting in coordinating and performing periodic Head Office and Branch on-site and off-site risk assessments and risk awareness visits.
  • Conducting fraud risk assessments and reporting.
  • Detecting, reporting, responding to, containing and mitigating incidents that impair adequate data and infrastructure security.
  • Assisting in instituting a robust training program on professional cyber-related and enterprise ICT risk management to improve the technical proficiency of staff.
  • Ensuring that current and emerging cyber risks are monitored.
  • Preparing a daily dashboard on the key risk items from security event monitoring.
  • Tracking preparation of implementation plans for issues raised in risk event reports and risk assessments.
  • Constantly assisting with updating the security systems to deal with new threats; this involves staying abreast of technology news and researching new antivirus technology and new safety protocols.
  • Following up on closure of issues raised and averting repeat incidents.
  • Working with teams to resolve issues uncovered by various internal and third-party monitoring tools.
  • Monitoring changes made to ICT systems and assessing their impact on the business.
  • Ensuring the Bank's compliance with the Risk Management Guidelines and Prudential Guidelines on cyber security and any other existing or emerging regulatory requirements.
  • Ensuring that no unauthorized information leaves the Bank, through monitoring of USB devices (such as flash disks and external hard disks), external email, the data loss prevention system and internet connections.
  • Preparing daily cyber security posture dashboards and reports to the CRO; this includes weekly penetration test and vulnerability assessment results.
  • Immediately reporting detected ICT and Information Security incidents to the CRO.
  • Ensuring effective management of AML/CFT risks.
  • Ensuring compliance with the Data Protection laws, policies and procedures of the Bank.
  • Any other official duties that may be allocated from time to time by the line manager.

The Person:  

  • The ideal candidate must possess the following:  

Qualifications/Experience:  

  • A bachelor's degree in an ICT-related field.
  • Professional cyber security and ICT qualifications will be an added advantage.
  • Proven experience in ICT risk management, cybersecurity, or related roles.
  • Knowledge of industry standards such as ISO 27001, COBIT, NIST, COSO, and other relevant frameworks.
  • Excellent communication, interpersonal, organizational, and negotiation skills.
  • Strong analytical and problem-solving skills, with the ability to assess and communicate complex technical risks to non-technical stakeholders.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
  • Ability to work independently, consult and clarify where necessary, and make informed and firm decisions.

Competencies/Attributes:   

  • An awareness of risk assessment techniques and knowledge of the systems, processes and procedures adopted within risk management.
  • Must have a flexible approach to accepting and championing change.
  • Excellent understanding of current trends in ICT risk management, especially in the Kenyan banking sector.
  • Sound knowledge of the Bank's policies and procedures.
  • Good understanding of ICT risk management in line with the ISO 27001 framework.

Level of Education: bachelor degree
Experience: No Requirements
Job reference: JOB-6825c4bccd46a

Job application procedure
Interested in applying for this job? Click here to submit your application now.
