Governance, Risk and Compliance Specialist at Equity Bank Kenya

Job Purpose: 

As a Governance Risk and Compliance (GRC) Specialist, you’ll be responsible for strengthening our governance and compliance program to ensure adherence with information security regulatory requirements and industry best practices. You will partner across the organization, operations, and technology teams to implement tools and practices to enhance our processes related to third-party risk management, business continuity planning, controls assurance, and external auditor engagement.
 
Job Responsibilities:

• Establish standard repeatable practices to maintain a balanced security and compliance control framework that meets necessary regulatory and contractual requirements
• Ensure that necessary security due diligence of our vendor portfolio is maintained
• Act as the focal point for external auditor activity/assessments; driving accountability and efficiency across teams
• Influence and contribute to the policies, standards, and controls to drive efficient compliance controls
• Facilitates the processes necessary to ensure that we have effective business continuity to overcome physical, operational, or technology disruptions
• Work with internal stakeholders in the remediation of audit findings
• Partner with Human Resources, Legal, Finance teams, and other departments to ensure appropriate operational, technical, data privacy, and SOD controls are implemented and enforced
• Ensure compliance with society, regulatory, and industry standards for security and compliance
• Evaluate and develop Information Security Policies, Standards, Procedures, and Guidelines,
• Information Security Management Programs Development Execution & Compliance Monitoring,
• Perform Gap and/or Compliance Assessments against ISO/IEC 27001, GDPR, PCI-DSS, and other security standards,
• Implement Governance, Risk and Compliance Solutions,
• Deliver Security Awareness Trainings,
• Participate in customer meetings respond to RFI/RFP/RFQs and present solutions to prestigious multinational customers and partners.

Knowledge and Experience

• Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering, or similar area of study
• Certifications such as Cloud Security, CISSP, or CISA as well as technical certifications in Microsoft and Linux platforms are a plus.
• Minimum 3 years of experience in access management and 3rd Party reviews
• Familiarity working with and/or managing Governance, Risk, and Compliance (GRC) tools
• Experience in Big 4 is preferred with familiarity in the security audit process.
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Expertise with industry standard frameworks (ISO, NIST, PCI).
• Excellent communication and presentation skills, both verbal and in writing and an ability to build a network and to collaborate with various teams.

Key Critical Competencies

• Proficient in preparation of reports, dashboards, and documentation
• Excellent communication and leadership skills
• Understanding of regulations, standards and operating procedures
• Ability to handle high pressure situations with key stakeholders
• Good Analytical skills, Problem solving and Interpersonal skills
• Deep knowledge of Bank’s infrastructure, networks, and systems
• Budgets/ Financial Input
• Contribute to ensuring the budgets are adhered to and cost savings on various initiatives.  

Closing: July 7, 2022