Cybersecurity SOC Analyst at Family Bank Ltd

Job Purpose:

Assist the CISO in monitoring the Family Bank IT estate and ecosystem by proactively detecting cybersecurity events in a timely fashion in order to secure the bank’s assets from unauthorized access, loss or damage.

Key Responsibilities:

• Assist the CISO to gather, analyze and maintain a current enterprise-wide knowledge base of the Bank’s users, devices, applications and their relationships, including but not limited to: Software and hardware asset inventory; Network maps (including boundaries, traffic and data flow) Network utilization and performance data.
• Conduct security monitoring the Bank’s IT estate to identify anomalies in a timely fashion.
• Assist in implementing the institution’s cybersecurity program and enforcing the cybersecurity policy.
• Assist in entrenching and reinforcing of bank-wide cybersecurity awareness culture.
• Assist in the sustenance of the cybersecurity risk champions program.
• Assist the CISO to regularly update the Bank’s network architecture and data flow diagrams based on changes made by ICT.
• Regularly review and ensure all servers, routers, switches, firewalls and user PCs are up to date with the latest patches, antivirus.
• Conduct daily (as per work schedule) network monitoring to ensure only authorized traffic is allowed.
• On a regular basis carry out penetration tests and vulnerability assessments to ensure IT systems are secure and reports to CISO on significant trends and vulnerabilities.
• Champion resolution of issues raised on ICT audits, self-assessments on ICT, project and reputational risk.
• Assist to conduct root cause analysis on any risks exposures noted to ensure no repeat instances arise.
• Where applicable conduct new product system security assessments for potential exposures to risks.
• Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
• Detect, report, respond, contain and mitigate incidents that impair adequate data and infrastructure security.
• Assist to constantly assist to update the security systems to deal with new threats. This involves staying abreast of technology news, researching new antivirus technology and new safety protocols.
• Prepare daily dashboard on the anomalies noted cybersecurity event monitoring.
• Detect, report, respond, contain and mitigate incidents that impair adequate data and infrastructure security.
• Immediately report to the CISO on detected ICT and Information Security incidents.
• Follow up for closure of audit issues raised and aversion of repeat incidences.
• Ensure the bank’s compliance with data protection act of 2019 and prudential guidelines on cybersecurity and any other existing or emerging regulatory requirements.
• Attend MARCO and departmental meetings as may be required.
• HR Department Doc. IJA
• Assist in the evaluation and recommendation for tools and solutions that provide security functions.
• Any other official duties that may be allocated from time to time by management.

The Person:

The ideal candidate must possess the following:

Qualifications

• A Bachelor’s degree holder in Computer science, IT or related field.
• Experience in general IT operations such as system administration, IT support, Network administration, database administration etc.
• A good understanding of the relevant legislative requirements especially the Banking Act and Central Bank of Kenya (CBK) prudential guidelines.
• Experience in a financial institution will be an added advantage.
• Professional information security certification: CEH/CISM/CISA/CISSP/CCNA/CCNP will be an added advantage

Key Competencies and Attributes

Interpersonal:

• High level of integrity.
• Strong analytical capabilities and problem solving skills to interpret data and draw conclusions.
• Self-driven and willingness to work odd hours.
• Excellent project management and planning skills.
• Able to work with data to derive insightful reports and make recommendations
• Solution oriented.
• Strong people, communications and negotiation skills
• Self-starter, passionate and instrumental in ideas generation and execution
• Ability to train, motivate and develop staff