Cyber Security Incidence Response Manager at Equity Bank Kenya

Job Purpose: 

The Cyber Security Incident Response Manager (CSIRM) will be responsible for managing the end-to-end Cyber Incident Response Lifecycle across the Group.  This role will be part of a fast-paced Group Cyber Defense Operations within the Group Information Security Department.

Job Responsibilities/ Accountabilities:

• Cyber Incident Response Planning and Preparation: The candidate will be required to be incharge of the process of maintaining and improving incident response capabilities and preventing incidents by ensuring that systems, networks, applications, and data handling processes are sufficiently secure, and employee awareness training is in place.  The CSIRM will ensure practice exercises (Table-top Exercises) for the CIRT (Cyber Incident Response Team) are conducted periodically, where various incident scenarios are presented to the Team in a practice session. 
• Cyber Incident Identification: The CSIRM will facilitate the process of confirming, characterizing, classifying, categorizing, scoping, and prioritizing suspected incidents as per the Group Incident Response Policies and Procedures.
• Cyber Incident Notification: The CSIRM will ensure alerting of CIRT members to the occurrence of an incident and communicating throughout the incident to the relevant stakeholders. 
• Cyber Incident Containment: The CSIRM will proactively play a critical role in containment of cyber incidents to ensue minimization of financial and/or reputational loss, theft of information, or service disruption. The CSIRM ensure prompt communication briefs to the Group CISO on any Cyber Incident occurrence. The CSIRM will also coordinate communication with relevant stakeholder(external and Internal) as par the Bank’s Communication policies if and when required.
• Cyber Breach Eradication and threat Elimination: The CSIRM will coordinate all aspects of threat eradication through thorough identification of all affected assets, elimination of artifacts of the incident (e.g., removal of malicious code, re-image infected systems) and mitigating the vulnerabilities or other conditions that were exploited. This will also ensure that Forensics artifacts are well maintained and preserved asp er the Bank’s Digital Forensics Policies and Procedures.
• Recovery: The CSIRM will coordinate and ensure restoration of services to a normal state of operation and the resumption of business activities quickly and securely as per the SLAs.
• Post-incident Activities: The CSIRM will be tasked to assess the overall response effectiveness and identify opportunities for improvement through, ‘lessons learned’ or mitigation of exploited weaknesses. This will also include continuous incorporation of incident’s learnings into the cyber fortification efforts and the response plan, as appropriate.
• Other Duties may include assisting the Bank’s Communication team with relevant information that will assist in reputational repair measures, if needed.

Key Critical Competencies

• Business awareness
• Threat and cybersecurity competencies
• Strong analytical skills and problem solving skills
• Excellent planning skills
• High personal standards and goal oriented
• Deep knowledge of Financial Institution's infrastructure, networks and systems

Required Skill and Certifications

• Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or similar area of study;
• Hold at least one relevant industry certifications (GCIH, GCED, CISSP, CISA, CISM, etc.)
• Minimum 5 years Security leadership, with experience running and managing incident playbooks.
• Minimum 3 years of experience working in a SOC environment and working knowledge of all managed controls and services. (added advantage)
• Relevant industry certifications or relevant technology vendor certifications
• Personnel and resource management experience
• Strong knowledge of Cyber Security forensics, project management, change management, technology implementation and risk analysis strategy
• Proficient at professional communication and documentation of processes and procedures