Information Security Officer at Jamii Bora Bank

• Teamwork: ”We work together to make Jamii Bora better”
• Innovation: “We are driven by creativity, innovation and continuous improvement”
• Professionalism: “We are qualified, skilled and committed to serve our customers”
• Integrity: “How we do business is as important as the business we do so we do the right thing always”

Key Responsibilities

• Review of JBB’s critical systems, recommendation and implementation of appropriate and adequate IT security controls to mitigate and minimize information security risks. Continuous review of controls in place to identify and close gaps and provide continuous assurance on the security of the bank’s information systems
• Consistency in achieving compliance requirements, optimal efficiency and cost containment with regard to information systems security
• Robustness of the bank’s information system security and effectiveness of systems (policies, processes, procedures and tools) in escalating and investigating with IS security violations

Main Activities

• Develop and maintain the JBB strategic information security program and plan, taking into consideration business and legal requirements, risk (likelihood and impact), and criticality; and building consensus among stakeholders
• Develop, maintain and enforce JBB information and cyber security policies and practices designed to protect sensitive corporate assets, ensure data privacy, and comply with laws and regulations, including the Payment Card Industry (PCI), CBK and other applicable privacy laws
• Develop, maintain and enforce JBB information security policies and procedures, for example: Identification of sensitive data and policies/practices regarding the identification of sensitive data as well as practices for information labeling, handling and storage
• Ensure technology solutions adhere to best practices and meet security requirements, including Software-as-a Service (SaaS) contracts, Infrastructure-as-a-Service (IaaS) contracts, Platform-as-a-Service (PaaS) contracts and customized software development solutions
• Manage contractors and outsourcers providing information technology services to JBB, including managed security services, infrastructure engineering, operations, desktop support, and software development to ensure compliance with JBB policies and requirements
• Ensure contracts with third parties contain appropriate security language, including data privacy and protection language required. Develop, maintain and manage a third party security assessment program for key vendor relationship and third party providers
• Manage the JBB Incident Response Plan. Perform incident response planning, including developing, maintaining and enforcing the JBB Incident Response Plan in addition to managing security incidents if/when they occur. This would include coordinating incidents, if applicable, with associated third party providers and, if applicable, multiple regulatory organizations and stakeholders
• Perform continuous reviews of users of systems with emphasis on exits, joiners and internal movements, and take appropriate corrective actions where there are deviations. Liaise with business heads to continuously confirm and update rights and privileges of users in the bank by maintaining the user matrix and ensuring integrity as per laid won procedures
• Perform continuous review of systems, including technical penetration testing and vulnerability assessment of systems. Communicate finding with IT management and follow up issues to closure
• Perform daily reviews of logs and audit trail of key and critical JBB systems as per the program of work
• Provide IT security support for the IT related projects carried out during the year, ensuring compliance with JBB policies and best practice
• Provide IT security support to Security Services and Internal Audit
• Carry out on effective information security awareness program in the bank
• Keep abreast of the fast changing information systems exposures/ threats and ensure that adequate and up to date information systems security measures are in place for the maximum protection of JBB information assets
• Carry out information security assignments as will be allocated from time to time by the Head of Enterprise Risk & Compliance

Qualification and Experience Requirements

• University degree in Computer Science or Information Technology
• Minimum 5 years working experience, with at least 2 years’ experience in a busy IT environment
• One industry Security Certification such as a valid and current CISSP, CISA or CISM certification is mandatory
• Working Knowledge of SQL data base, Linux security tools
• Working technical knowledge of ATMs will be an advantage
• Experience in audit of systems will be an advantage
• Working experience with Intrusion detection systems and SIEMs solution
• Solid Knowledge of information security objectives, principles and practices
• Experience in development and implementation of relevant polices
• Experience in penetration and vulnerability testing is preferred
• Experience in network management, Database management, banking systems and other business applications is preferred i.e. SQL data base, Linux and windows