Head – ICT Risk and Control at Co-operative Bank of Kenya

Reference Number: H–R&C/IID/2022

Reporting to the Chief Risk Officer, the role holder will be required to provide leadership and continuous independent assurance on the bank’s Information Security risks as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Bank Information Security Policies.

The Role 

Specifically, the successful jobholder will be required to:

• Provide leadership and direction on technology risks and controls and recommend corrective controls. 
• Research Industry trends on technology risks, Proactively assess, detect, and identify system threats and formulate corrective actions and controls.
• Proactively ensure that the Bank complies with all technology-related legal and regulatory requirements 
• Review of operating and information systems to ensure that they support business functions in a controlled manner, identify issues that represent risks to the business, report findings and prepare reports for management information
• Development of and involvement in the independent review of technology-related procedures, product programs and projects to ensure appropriate technology is incorporated and that Bank technology policies are complied with.
• Review relevant system logs and events (using various tools) to identify and report on activities not consistent with the Bank Information Security policies, guidelines and standards.
• Carry out information security reviews along the various phases of project lifecycles, as provided in the Bank’s project management framework, and recommend required controls.
• Regularly report on ICT Risks to Management and Board Audit & Risk Committee as well as send a weekly report to the Executive Management on the cyber risks and follow through on closure of risks identified with TES & ICT Security teams.
• Participation in the formulation of Risk Acceptance criteria while developing and maintaining ICT Risk Registers.
• Facilitate an information security awareness program for all employees.
• Be aware of application, product and system development within the business and appraise the effect and appropriateness of planned changes to the existing control framework.
• Ensure that the Bank’s information security policies, procedures and guidelines are incorporated into all application, product, systems and services lifecycles.
• Maintain a relationship with internal and external auditors to guide their activities as regards Bank technology and processes and support implementation of agreed corrective actions.
• Attend relevant training on emerging trends and practices within the information security industry.
• Ensure strict adherence to all regulations, statutes, standards, practices and all internal processes and procedures as per the relevant manuals and comply with all relevant external legislation and regulations with regard to compliance requirements.

Skills, Competencies and Experience

• Bachelor’s degree in Information Technology or a Business-related field
• Certified Information Systems Auditor/ Certified Information Systems Manager certification
• Good understanding of risk and systems security control processes
• Managerial and team leadership experience 
• A good understanding of the Bank’s organizational structure, products and services 
• Understanding of Information Systems architecture and operational practices 
• Proven experience in the information security or systems audit function 
• Experience in performing analytical roles in complex business environments 
• Experience in the implementation of an ISMS against the ISO 27001 standard
• Experience in the development & Implementation of RSCAs and BIA

Desirable knowledge/skills and Experience Required:

• IT security and risk certifications e.g. CISA, CISSP, CISM, CRISC, CEH, etc. 
• Advanced computer skills including skills in Word, Excel, PowerPoint 
• Training in IT infrastructure and operating systems, Project Management, and Implementing Information security policies

Job expires on September 19, 2022