Summary
Date Posted: Friday, December 02, 2022 , Base Salary: Not Disclosed

JOB DETAILS:

JOB SUMMARY
The role-holder is responsible for managing Information security solutions implementation, architecture and cyber security strategy of the bank. The individual would be involved in the identification, analysis, evaluation, life-cycle management and adoption of security technologies and would be entrusted with providing guidance on security features and controls for IT solutions deployed in the Bank.

KEY RESPONSIBILITIES
FINANCIAL - 10%
• Ensure that the Bank is protected and least exposed to fraud losses by implementing technology prevention and detection measures.
• Develop and design Information Security Strategy that ensures IT control procedures are in place for technology and information systems that affects the management of IT processes such as change management, disaster recovery and security.

CUSTOMER - 40%
• Documents, disseminates and maintains the system risk governance methodology, the Information Security Policy, Standards and procedures in line with minimum Baseline Security Standards set, regulatory requirements and industry best practices.
• Maintains and enforces the IT systems risk management and Information Security risk management framework/methodology.
• Promotes and continuously improves IT systems risk-related activities and controls.
• Assisting to address any regulatory, legal and commercial obligations and challenges that may arise.
• Communicates regularly with management to ensure support for the information security program and IT related projects.

OPERATIONAL - 30%
• Creates and manages an enterprise-wide Information Security awareness campaign by providing training.
• Identifies and analyzes system vulnerabilities in order to manage and mitigate risks.
• Establishes, reviews and verifies Information Security risk related policies, standards and procedures documentation on a regular basis. Monitors and records in the IT security risk register compliance with the Security Standards, Policies and architecture.
• Ensures proper information security clearance is undertaken in accordance with established bank information security policies and procedures.
• Performs or organizes the system risk assessments and gap analysis for all technologies, products, services and new departments/functions introduced via selected vendors.
• Proactively identifies technology risks via timely analysis and development of appropriate metrics and other key risk indicators, information security assessments, review of requests for policy or standard exceptions and health check results.
• Implements Information Security tools and methods necessary to support the bank’s Information Security Strategy.

 LEADERSHIP - 20%
• Develops and reports appropriate Technology Security metrics to executive management for information, awareness and decision making.
• Manages on a regular basis all outsourced security information vendors of the Bank in relation to the agreed SLAs and contractual agreements.
• Coordinates the communication of the information security awareness campaign to all members of staff.
• Coordinate with all IT security vendors, external auditors, user departments and executive management to review and enhance information security management posture in the Bank.

KEY RELATIONSHIPS
• Direct Reports to this Position
• Assistant Manager, Information Security
• Senior Officer, Information Security
• Customers of this Position
• Information Technology team
• Bank Management teams
• All Staff
• SBM Group Management teams
• Auditors both internal and external
• Security and Fraud Managers, Investigators from the Police Service, Directorate of Criminal Investigation and BFID.
• Regulators such as Central Bank of Kenya, Capital Markets Authority, Insurance Regulatory Authority and any other regulatory bodies in Kenya.

Knowledge; Skills and Experience required for this Role
• A Bachelors of Science degree in Computing or related degree from a recognised University.
• Possession of MBA or M.Sc. will be an added advantage.
• Must possess at least one internationally recognizable IT security certification such as CISM, CISSP, CISA, CASP, MCSE CEH or Security+.
• A minimum of 5 years’ experience in Information Technology, three (3) of which must be in IT Security Management with hands on experience in:


Work Hours: 8

Experience in Months: 60

Level of Education: Bachelor Degree

Job application procedure
Interested and qualified? Go to SBM Bank on www.sbmbank.co.ke to apply


All Jobs

QUICK ALERT SUBSCRIPTION