Deputy Manager, IT Risk and Compliance in Risk and Compliance Division at Central Bank of Kenya

Job Purpose

This role provides independent oversight and challenge of technology and cyber risks across the Bank. The role strengthens the IT risk management framework and control environment by ensuring alignment with best practice standards, regulatory expectations, and the Bank’s risk appetite. It involves proactive risk identification, assurance activities, and engagement with stakeholders to embed a risk-aware culture in technology decision-making.

Key Duties and Responsibilities

• Provide expert risk advice on existing technology and cyber risks, including digital transformation initiatives, cloud, and AI.
• Identify emerging technology and cyber risks and assess their potential impact on the Bank’s operations and mandate.
• Support and challenge first-line enterprise technology risk assessments, ensuring completeness, accuracy and alignment with the Bank’s risk appetite.
• Perform independent design reviews of key IT general controls, including access management, segregation of duties, change management and configuration controls.
• Review IT risk policies, standards and guidelines aligned to ISO, NIST and other relevant frameworks.
• Review the effectiveness of incident and problem management processes, supporting root cause analysis and identification of control improvements.
• Engage with IT and business stakeholders to promote risk-aware decision-making.
• Prepare clear and insightful IT risk reports for governance forums, tracking remediation actions to closure.

Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Information Systems or related discipline.
• Professional certifications such as CISA, CRISC or equivalent is mandatory.
• Additional training in cyber security is an added advantage.

Work Experience

• Minimum of five (5) years’ experience in IT risk, cyber risk, IT audit or technology assurance roles in an organization of similar size and complexity.