Head of Information Security
2025-10-06T05:50:34+00:00
SBM Bank
FULL_TIME
Kenya
Nairobi
00100
Kenya
Banking
Computer & IT
2025-10-20T17:00:00+00:00
Kenya
8
Job Purpose
The Head of Information Security will play a critical role in the organization’s information security strategy, overseeing the implementation and maintenance of a Zero Trust Architecture within our bank. This strategic position requires a visionary leader who can collaborate effectively with cross-functional teams and drive the transformation to enhance the security posture of our bank’s systems, applications, and data.
Key Responsibilities
Develop and Execute Zero Trust Architecture Strategy – 20%
- Lead the development and implementation of the Zero Trust Architecture strategy, ensuring alignment with the bank’s overall security objectives.
- Define the roadmap for transitioning to a Zero Trust Architecture, including goals, milestones, and resource requirements.
- Evaluate emerging technologies and industry best practices to enhance the bank’s security posture.
Security Governance and Risk Management – 20%
- Establish and maintain a robust security governance framework that aligns with regulatory requirements, industry standards, and best practices.
- Identify and assess security risks, vulnerabilities, and threats, and develop appropriate risk mitigation strategies.
- Collaborate with internal stakeholders to establish security policies, standards, and procedures that support the Zero Trust Architecture.
Security Operations and Incident Response – 20%
- Oversee the design, implementation, and operation of security controls and technologies to protect the bank’s infrastructure, applications, and data.
- Develop and maintain an incident response plan, ensuring the organization’s readiness to detect, respond to, and recover from security incidents.
- Conduct regular security assessments, penetration testing, and vulnerability scanning to identify potential weaknesses and recommend remediation measures.
Security Awareness and Training – 20%
- Develop and implement a comprehensive security awareness program to educate bank employees on the principles of Zero Trust and their roles in maintaining a secure environment.
- Conduct regular security training sessions and workshops to enhance the security awareness and knowledge of employees across the organization.
Stakeholder Management and Collaboration – 20%
- Collaborate with senior management, business units, and technology teams to understand their requirements, align security objectives, and ensure the successful implementation of the Zero Trust Architecture.
- Engage with external partners, vendors, and industry peers to stay abreast of the latest security trends, technologies, and threats.
Key Relationships
Direct Reports to this Position:
- Manager, Information Security
- Senior Officer, Information Security
Customers of this Position:
- All Bank Staff
- SBM Group Management teams
- Internal and External Auditors
- Security and Fraud Managers, Investigators from the Police Service, Directorate of Criminal Investigation and BFID.
- Regulators such as Central Bank of Kenya, Capital Markets Authority, Insurance Regulatory Authority and any other regulatory bodies in Kenya.
Knowledge, Skills and Experience required for this Role
Education and Experience:
- Bachelor’s degree in Computer Science, Information Security, or a related field. Possession of MBA or M.Sc. will be an added advantage.
- Must possess at least one internationally recognizable IT security certification such as CISM, CISSP, CISA, CASP, MCSE, CEH or Security+.
- Extensive experience (minimum of 8 years) in information security, including hands-on experience in designing and implementing security solutions in a complex environment.
- Proven experience in leading and managing security operations, incident response, and risk management teams.
- Experience in the financial industry or a similarly regulated environment is highly desirable.
Technical Skills:
- In-depth knowledge of information security principles, frameworks, and standards (e.g., NIST, ISO 27001).
- Strong understanding of Zero Trust Architecture principles, concepts, and implementation strategies.
- Familiarity with cloud security, network security, identity and access management, encryption technologies, and secure coding practices.
- Experience with security tools such as SIEM, DLP, IDS/IPS, and vulnerability management systems.
Competencies required for this Role
- Excellent leadership and people management skills with the ability to build and motivate high-performing teams.
- Strong analytical and problem-solving skills with the ability to make sound decisions in complex and high-pressure situations.
- Excellent verbal and written communication skills with technical and non-technical staff, end-users, and senior management.
- Strong teamwork skills to maintain strong working relationships within and outside Risk & Compliance division, to develop a results-oriented work environment.
- Excellent follow-up skills to see tasks through to resolution, and communicate problem status to end users such as notification of completion, notification of delay, and explaining rationale for IT related projects.
- Excellent organizational skills, prioritizing and managing multiple tasks.
- Offer and accept feedback and constructive suggestions.
JOB-68e358aae933a
Vacancy title:
Head of Information Security
[Type: FULL_TIME, Industry: Banking, Category: Computer & IT]
Jobs at:
SBM Bank
Deadline of this Job:
Monday, October 20 2025
Duty Station:
Kenya | Nairobi | Kenya
Summary
Date Posted: Monday, October 6 2025, Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 12
Level of Education: bachelor degree
Job application procedure
Interested applicants, please click here to apply.