Background information about the job or company

The Central Bank of Kenya is a public institution established under Article 231 of the Constitution of Kenya, 2010. The Bank is responsible for formulating monetary policy to achieve and maintain price stability and issuing currency. Pursuant to the CBK Act, the Central Bank promotes financial stability through regulation, supervision and licensing of fin...

Job Purpose

This role provides independent oversight and challenge of technology and cyber risks across the Bank. The role strengthens the IT risk management framework and control environment by ensuring alignment with best practice standards, regulatory expectations, and the Bank’s risk appetite. It involves proactive risk identification, assurance activities, and engagement with stakeholders to embed a risk-aware culture in technology decision-making.

Qualifications or requirements

• Bachelor’s degree in Information Technology, Computer Science, Information Systems or related discipline.
• Professional certifications such as CISA, CRISC or equivalent is mandatory.
• Additional training in cyber security is an added advantage.

Experience needed

• Minimum of five (5) years’ experience in IT risk, cyber risk, IT audit or technology assurance roles in an organization of similar size and complexity.

• Provide expert risk advice on existing technology and cyber risks, including digital transformation initiatives, cloud, and AI.
• Identify emerging technology and cyber risks and assess their potential impact on the Bank’s operations and mandate.
• Support and challenge first-line enterprise technology risk assessments, ensuring completeness, accuracy and alignment with the Bank’s risk appetite.
• Perform independent design reviews of key IT general controls, including access management, segregation of duties, change management and configuration controls.
• Review IT risk policies, standards and guidelines aligned to ISO, NIST and other relevant frameworks.
• Review the effectiveness of incident and problem management processes, supporting root cause analysis and identification of control improvements.
• Engage with IT and business stakeholders to promote risk-aware decision-making.
• Prepare clear and insightful IT risk reports for governance forums, tracking remediation actions to closure.

• Bachelor’s degree in Information Technology, Computer Science, Information Systems or related discipline.
• Professional certifications such as CISA, CRISC or equivalent is mandatory.
• Additional training in cyber security is an added advantage.