Background information about the job or company (e.g., role context, company overview)

The Central Bank of Kenya is a public institution established under Article 231 of the Constitution of Kenya, 2010. The Bank is responsible for formulating monetary policy to achieve and maintain price stability and issuing currency. Pursuant to the CBK Act, the Central Bank promotes financial stability through regulation, supervision and licensing of fin...

Responsibilities or duties

The role holder will be responsible for evaluating and assessing the effectiveness, efficiency, and security of the Information Technology Systems and processes of the licensed institutions to ensure compliance with, regulatory requirements, best practices and industry standards.

Qualifications or requirements (e.g., education, skills)

Bachelor’s Degree in Mathematics, Actuarial Science, Statistics, Engineering, Data Science, Computer Science, Economics, Finance or related discipline from a reputable university.

Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Public Accountant (CPA) with IT audit experience or related discipline

Active membership in at least one (1) relevant professional body.

Experience needed

At least two (2) year post-qualification experience in Prudential/Bank Supervision, ICT, Engineering, Project Management, Statistics, Actuarial Science, Financial Analysis, Auditing, Accounting, Commercial Banking operations and any other relevant area.

• Contributes as appropriate to the overall achievement of the Central Bank’s strategic objectives.
• Conduct regular inspections and examinations of Financial Institutions’ ICT systems, evaluating their adherence to internal policies, regulatory guidelines, and best practices.
• Review systems for effectiveness in preventing fraud, money laundering, and ensuring financial integrity.
• Assess Disaster Recovery, Business Continuity Planning, and Incident Management procedures in place within institutions.
• Assess the adequacy of ICT and information systems operations of Financial Institutions, ensuring compliance with regulatory requirements, security protocols, and sound operational practices.
• Evaluate the ICT infrastructure, Applications, and Security Systems to assess their adequacy in supporting Financial Operations, Security, and Regulatory Compliance.
• Review and provide recommendations on approval of the introduction of innovative products and requests to outsource ICT services by financial institutions.
• Review external ICT audit, vulnerability assessment and penetration testing reports submitted by Financial Institutions and enrich the institution’s risk profile based on the findings.
• Ensure that Financial Institutions comply with CBK Prudential Guidelines and Regulations, Risk Management Guidelines, Data protection laws, and international standards related to IT systems and Cybersecurity (e.g., ISO 27001, NIST, Basel Committee guidelines).
• Identify and assess emerging risks related to ICT systems, such as Cybersecurity threats, operational vulnerabilities, and technology governance issues.
• Provide guidance and support to Financial Institutions to improve their IT systems, security practices, and Risk Management frameworks.
• Contribute to the development and refinement of regulatory policies, frameworks, and guidelines related to IT governance, Cybersecurity, and Technology Risk Management within the Financial sector.
• Keep abreast of Technological trends, Cybersecurity threats, and Innovations in Financial Services technology to ensure the CBK’s regulatory frameworks remain relevant and effective.
• Monitor ongoing technological advancements in Financial Institutions and evaluate their impact on the Financial system’s stability.
• Any other responsibility as may be assigned by the Line Manager.

• Bachelor’s Degree in Mathematics, Actuarial Science, Statistics, Engineering, Data Science, Computer Science, Economics, Finance or related discipline from a reputable university.
• Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Public Accountant (CPA) with IT audit experience or related discipline
• Active membership in at least one (1) relevant professional body.