Empowering Africa’s tomorrow, together…one story at a time.

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

To provide specialist advice & support in the development & implementation of IT security service delivery processes, methods and techniques enabling secure management & control of IT access, in alignment with governance requirements.

Job Description

Cyber Security Specialist

Job Purpose:

To drive IT Risk compliance which ultimately ensures that all the Bank’s management data, processes, risks and controls are effectively operating. Ensure that all cybersecurity activities and duties are carried out in full compliance with regulatory requirements, Enterprise wide Risk Management Framework and internal Absa Policies and Standards. Understand and manage cyber security risks and risk events.

Key Accountabilities

Accountability – 60%

• Assessing the risks and exposures related to cybersecurity and aligning to the Bank’s risk appetite.
• Monitoring current and emerging risks and changes to laws and regulations for appropriate actions.
• Collaborating with stakeholders charged with safeguarding the information assets at Absa to ensure appropriate control design and configurations.
• Maintain comprehensive cyber risk registers: Key cybersecurity risks should be regularly identified and assessed. Risk identification should be forward looking and include the security incident handling.
• Ensure implementation of the cyber and information risk management strategy including cyber risk policies and standards.
• Safeguarding the confidentiality, integrity and availability of information asset and Technology platforms.
• Prepare Cyber Security Posture reports for submission to the various risk committees.
• Run the vulnerability management program to ensure vulnerabilities are identified, prioritized, and remediated on time.
• Engage with stakeholders across the Absa Group to motivate and drive remediation of vulnerabilities and identified issues.
• Engage with Project Management teams to ensure all new projects are security assessed and in line with the bank’s cyber security policies and standards.
• Coordinate penetration test, red team and audit engagements with both internal and external assessment teams.
• Respond to Cyber security incidents in coordination with the Group Incident Response and Forensics team.
• Report Cyber security incidents to the regulator as specified in the prudential guidelines.

Accountability - 20%

• Implement parameters to measure Cyber risks exposure.
• Monitoring adherence to cyber risks policy & standards to drive remediation measures.
• Reporting all cyber risks consistently and comprehensively to the senior leadership & relevant stakeholders to facilitate appropriate decisions.

Accountability- 10%

• Coordinate Cybersecurity awareness activities across the bank from strategic, technical, and general sensitization.
• Create Cybersecurity awareness circulars for customers.
• Coordinate cybersecurity awareness for the Board members.

Accountability - 10%

• Research on emerging cybercrime trends and gathering threats intelligence for onward sharing.
• Coordinate red team exercises.
• Coordinate penetration testing activities for new and existing applications and infrastructure.

Risk and Control objective

Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and internal Absa Policies and Policy Standards.

Understand and manage risks and risk events (incidents) relevant to the role.

Preferred Qualification

• B-degree in (Computer Science / Information Technology) (NQF level no.)
• CISSP / CISM / CEH or equivalent certification.

Preferred Experience

• At least 5 years technical experience.

Knowledge and Skills

• Proficiency with Linux and Windows operating systems
• Network monitoring
• Vulnerability Assessment and Penetration Testing
• Risk Assessment
• Incident Response
• Data Analysis and Reporting

Absa Bank Kenya is an equal opportunity, affirmative action employer. Preference will be given to suitable candidates from designated groups whose appointments will contribute towards the achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

• Assessing the risks and exposures related to cybersecurity and aligning to the Bank’s risk appetite.
• Monitoring current and emerging risks and changes to laws and regulations for appropriate actions.
• Collaborating with stakeholders charged with safeguarding the information assets at Absa to ensure appropriate control design and configurations.
• Maintain comprehensive cyber risk registers: Key cybersecurity risks should be regularly identified and assessed. Risk identification should be forward looking and include the security incident handling.
• Ensure implementation of the cyber and information risk management strategy including cyber risk policies and standards.
• Safeguarding the confidentiality, integrity and availability of information asset and Technology platforms.
• Prepare Cyber Security Posture reports for submission to the various risk committees.
• Run the vulnerability management program to ensure vulnerabilities are identified, prioritized, and remediated on time.
• Engage with stakeholders across the Absa Group to motivate and drive remediation of vulnerabilities and identified issues.
• Engage with Project Management teams to ensure all new projects are security assessed and in line with the bank’s cyber security policies and standards.
• Coordinate penetration test, red team and audit engagements with both internal and external assessment teams.
• Respond to Cyber security incidents in coordination with the Group Incident Response and Forensics team.
• Report Cyber security incidents to the regulator as specified in the prudential guidelines.
• Implement parameters to measure Cyber risks exposure.
• Monitoring adherence to cyber risks policy & standards to drive remediation measures.
• Reporting all cyber risks consistently and comprehensively to the senior leadership & relevant stakeholders to facilitate appropriate decisions.
• Coordinate Cybersecurity awareness activities across the bank from strategic, technical, and general sensitization.
• Create Cybersecurity awareness circulars for customers.
• Coordinate cybersecurity awareness for the Board members.
• Research on emerging cybercrime trends and gathering threats intelligence for onward sharing.
• Coordinate red team exercises.
• Coordinate penetration testing activities for new and existing applications and infrastructure.
• Ensure that all activities and duties are carried out in full compliance with regulatory requirements, Enterprise-Wide Risk Management Framework and internal Absa Policies and Policy Standards.
• Understand and manage risks and risk events (incidents) relevant to the role.

• Proficiency with Linux and Windows operating systems
• Network monitoring
• Vulnerability Assessment and Penetration Testing
• Risk Assessment
• Incident Response
• Data Analysis and Reporting

• B-degree in (Computer Science / Information Technology) (NQF level no.)
• CISSP / CISM / CEH or equivalent certification.