Senior Manager Information Risk & Cyber security

Job Purpose

The Information and Cyber Security Senior Manager will safeguard the organization’s information systems by implementing tools for the identification, assessment and monitoring of information risks in line with the Bank’s ICT risk management policies, i.e. assess data for unauthorized access, threats and vulnerabilities; carry out self-assessment (RCSA), Key Risk Indicator and control testing procedures; and ensure that all ICT control systems are properly documented to ascertain effective mitigations. The role involves developing, implementing, and maintaining security measures to protect the organization's information assets, as well as responding to security incidents.

Main Responsibilities

  • Conduct regular risk assessments to identify vulnerabilities in the organization's systems and networks, and support ICT in developing and implementing risk mitigation strategies and controls to prevent cyber threats.
  • Develop, implement, and enforce security policies, procedures, and standards to ensure compliance with relevant regulations and industry standards (e.g., GDPR, ISO 27001, data protection and privacy law, cyber security regulation).
  • Monitor and protect network and system infrastructure from cyber threats by overseeing the implementation and management of firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) including but not limited to management of security information and event management (SIEM) systems.
  • Develop and maintain incident response plans by leading and coordinating the response to security incidents, including investigation and remediation; conduct post-incident analysis and prepare reports for senior management.
  • Develop and deliver security awareness training for employees to promote a culture of security awareness throughout the organization.
  • In liaison with the data protection officer, implement and manage data protection measures to secure the bank’s sensitive information, ensure data privacy compliance and protect customer and employee information.
  • Perform regular security and vulnerability assessments, coordinate red team assessments or penetration testing, and follow up on remediation actions.
  • Assess and evaluate the capability of security technologies and tools to prevent cybersecurity threats and report to senior management, and stay updated with the latest security technologies, trends, and threats.
  • Collaborate with IT and other departments to ensure comprehensive security strategies and communicate security issues and risks to executive management and other stakeholders.
  • Conduct pre- and post-implementation reviews of ICT or ICT-related projects, attend the ICT Departmental Operational Risk and Compliance (DORCCO) meeting from month to month, and act as the focal person between IT and risk.

Daily Responsibilities

  • Ensure that all information databases and management portals are up and running
  • Conduct research on the risks associated with new system solutions to be implemented by the bank
  • Review of information risk reports for Kenya and subsidiaries to ensure conformity with the bank’s standards and guidelines.
  • Assist in solving business queries that are technical in nature and affect the information systems.
  • Documentation and tracking of ICT incidents.

Educational qualifications and work experience:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field
  • Professional certifications such as CISSP, CISM, CEH, CompTIA Security+, etc.
  • Three (3) years’ experience in Risk Management, Banking Operations, and Information Technology

  • Posted: June 19th, 2025
  • Deadline: July 2nd, 2025
