Head Information Systems Security at National Bank of Kenya

Job Ref No. HR/034/2018

Division: ICT

Reporting to: Director- ICT

Position Scope:

Reporting to the Director ICT, the successful candidate will be responsible for driving the implementation of Information Systems Security Strategy whilst protecting the Bank from security/cyber threats. He/She will be expected to provide continuous independent assurance on the Bank’s information systems security, specifically on integrity, confidentiality and availability of information by ensuring appropriate security controls are in place to protect the Bank’s assets from information security related risks while at the same time managing compliance with the Bank’s information security policy and regulatory standards.

Key Responsibilities:

• Take part in developing and enforcing IT Security policies, standards and procedures to ensure proper operations and maintenance of the IT assets
• Managing the daily operation and implementation of the IT security strategy
• Performing IT security risk assessments and reporting on ways to minimize threats and identifying areas for improvement
• Audit and monitoring of internal and external information security infrastructure, including but not limited to Firewalls, Proxy Servers, Anti-Virus, E- mail security applications, Intrusion Detection Software
• Devising strategies and implementing IT solutions to minimize the risk of cyber-attacks
• Monitoring security vulnerabilities and hacking threats in the Bank network and host systems
• Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
• Communicating with key stakeholders about IT security threats
• Implementing an effective process for the reporting of security incidents
• Overseeing the investigation of reported security breaches
• Developing strategies to handle security incidents and trigger investigations
• Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced or a security breach occurs or in the event that the disaster recovery plan needs to be triggered
• Take part in IT change projects and advise on how to build new IT capabilities
• Delivering new security technology approaches and implementing next generation solutions
• Overseeing the management of the IT security department, giving leadership to the team and developing staff
• Ensuring the Bank complies with all existing policies/regulations and compliance requirements
• Championing and educating all internal stakeholders about the latest security strategies and technologies
• Protecting the intellectual property of the Bank at all times
• Advising the Director ICT and the senior management team on IT security

Education Qualifications, Skills & Experience

• Bachelor’s Degree in Computer Science, Information Systems, Information Security or related field from a recognised University.
• Must possess professional qualifications such as CISA, CCNA, MCSE, CISM and Ethical Hacking.
• At least eight (8) years’ working experience in IT of which five (5) years should have been in administering IT security controls in an organization – preferably financial institution at management level.
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
• Experience with IPS/IDS and SIEM technology.
• Experience in leading and managing teams.
• Excellent communication skills
• Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management.