ICT Risk Projects Officer at Co-operative Bank of Kenya

• Be actively involved and provide risk & security guidance during technology projects, systems deployment, upgrades and changes.
• Proactively provide ICT security & risk requirements for incorporation in Business Requirements Documents, Functional Specifications Documents & RFPs of new ICT systems.
• Proactively participate in technical solution design for new systems, ensuring that security requirements are well defined.
• Perform vulnerability assessments & penetration tests on new Bank systems, applications and technology, identifying vulnerabilities and recommendations on closure of these vulnerabilities, prior to new systems go-live.
• Perform a fraud risk assessment on new systems and processes within the project scope and provide recommendations on countermeasures.
• Ensure interfaces for new systems are secured from intrusion, and user activities in new systems are detailed, traceable and logged.
• Pro-actively provide guidance on security tools required to effectively manage and control Bank systems.
• Pro-actively perform risk assessments for ongoing ICT projects and prepare risk reports for new systems & projects in readiness for Change Approval Board meetings.
• Proactively develop and constantly review system Minimum Baseline Security Requirements for new ICT systems & projects.
• Regularly provide recommendations to ICT leadership on areas of improvement towards securing ICT systems.
• Provide information security training & awareness to ICT systems project teams (Systems development teams, project managers, business analysts)
• Maintain ICT risk registers for ICT projects and submit periodical and ad-hoc reports as required by HOD and Chief Risk Officer.
• Ensure strict adherence to all regulations, statutes, standards, practices and all internal processes and procedures as per the relevant manuals and comply with all relevant external legislation and regulations with regard to compliance requirements.

Qualifications

• Bachelor’s degree in Information Technology or related fields.
• 3 years prior experience in information security or systems audit function. Experience in the Banking industry will be a value add.
• Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification. IT security and risk certifications e.g. CISSP, CRISC, CEH, etc. will be an added advantage.
• Experience in system propagated forensic investigations will be an added advantage.
• Good understanding of project management methodology and concepts and a good appreciation of risk, systems security control processes.
• Detailed knowledge of the Bank’s Operating procedures and good knowledge of the Bank’s products and services.
• Understanding of Information Systems architecture and operational practices as well as good grasp of Information Security and control objectives with an appreciation of audit methodologies.
• Experience in performing analytical roles in complex business environments.
• Advanced computer skills including IT skills, word, excel, power point.
• Training in IT infrastructure and operating systems.
• Training in Implementing Information security policies.