Job Description
Reporting to the Group Chief Technology Officer, the purpose of the role is to safeguard KCB critical information systems against external aggression from cyber-attacks; respond to, resolve, and recover from Cyber/IT Security incidents and attacks through proactive security incidence monitoring.
Key Responsibilities
• Establishing and maintaining KCB Group’s cybersecurity vision, strategy, and program to ensure information assets and technologies are adequately protected and defended.
• Developing and enforcing cybersecurity policies, standards, and procedures to ensure proper operations and maintenance of Technology assets.
• Ensuring the properties of security, authenticity, accountability, non-repudiation and reliability of information and information processing systems are preserved.
• Promoting user awareness of good cybersecurity practices, current threats, and the Group’s cybersecurity policies & procedures among all Group employees, vendors, and customers.
• Incident Handler in the Group’s Cybersecurity Incident Response and Recovery Team (CIRRT).
• Identifying and assessing ICT risks in conjunction with other departments in Technology Division, Group control functions and lines of business to determine their materiality.
• Implementing appropriate transparency/escalation of all significant ICT risks as appropriate through regular reports to executive management, and priority notifications to ensure minimum exposure to ICT risk.
• Ensuring appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues and tracking these actions to completion.
• Providing guidance within Technology Division on topics related to ICT risk management such as achieving compliance with internal policies, regulatory requirements, and international standards in order to remain within the risk appetite of KCB Group.
• Implementing technical controls in support of the Group Data Privacy programs.
The Person
For the above position, the successful applicant should have the following:
• BSc. Information Technology / Computer Science / Telecommunications / Engineering or related field.
• At least one certification from the list below:
• CISSP: Certified Information Systems Security Professional.
• CISA: Certified Information Systems Auditor.
• CISM: Certified Information Security Manager.
• CCISO: Certified Chief Information Security Officer.
• 10 years progressive working experience with at least 8 years’ experience in:
• Information Security Management
• Governance, Risk Management and Compliance
• Security Architecture and Engineering
• Security Program Management and Operations.
• Experience in Communication and Network Security, Identity and Access Management, Software Development, Security Assessment and Testing.
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered your application must be received by Tuesday 27th June 2023
Qualified candidates with disability are encouraged to apply.
Only short-listed candidates will be contacted.