Application & Infrastructure Security Officer at Co-operative Bank of Kenya

Reporting to Head – ICT Security Operations, the role holder will enforce security policies to protect the organization’s computer infrastructure, networks and data by identifying vulnerabilities caused by weaknesses or flaws in software and hardware that could expose the infrastructure to a security breach. He/she will evaluate the effectiveness of existing security measures, such as firewalls, password policies, and intrusion-detection systems, and make recommendations to improve security based on their assessments and knowledge of current and emerging threats.

The Role

Specifically, the successful jobholder will be required to:

• Develop and maintain a prioritized asset and applications register of all ICT assets in the bank.
• Configure reviews across infrastructure devices, servers, and databases to ensure that a threat-aware approach to systems and infrastructure setup is adopted. 
• Enforce policies, secure configurations, and rulesets that will enforce the protection of data and limit user access as appropriate. Ensure all bank systems are appropriately hardened to enforce the protection of data.
• Enforce patch management across all enterprise systems. Ensure that all systems are regularly updated and report on discrepancies based on criticality.
• Ensure firewalls, switches and other infrastructure are up to date and are running optimized security configurations and policies.
• Conduct regular penetration testing exercises on the Bank’s infrastructure to ascertain the robustness of the security configurations and deployed tools in line with regulatory recommendations.
• Certify all system configurations are secure and that adequate security controls are in place before any system goes live.  Act as the Change & Configuration Manager and work with technical teams, and service managers to ensure systems promoted to live are compliant to internal policy.
• Coordinate and conduct red team tests with the SOC/risk team to assure on IOC (indicators of compromise) detection capabilities.
• Communicate security risk through documentation, conversation, and presentations with the objective of driving awareness and informed decision-making for the ICT team.

Skills, Competencies and Experience

The successful candidate will be required to have the following skills and competencies:

• An IT-related bachelor’s degree or business-related degree with relevant IT Security professional qualifications i.e. Cisco Certified Network Associate (CCNA)/ Certified Information Systems Auditor (CISA) certification/ Certified Information Systems Security Professional (CISSP) CCIE (Security), CEH, CHP or other relevant security certifications.
• At least 3 years of experience in leading ICT Security Services Strong knowledge of security architectures and technologies including assessment, methodologies, compliance standards, etc.
• Knowledge of security standards and compliance like PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, CSF, COBIT, ITIL, SANS 20
• Good understanding and knowledge of security assessment, vulnerability management, penetration testing methodologies, and toolsets
• Working knowledge and experience in penetration testing and vulnerability assessments
• Knowledge of common cybersecurity threats and sources of cybersecurity information
• Good understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing
• Excellent business relationship, interpersonal communication, presentation, and stakeholder management skills