Head – ICT Security at Co-operative Bank of Kenya

Reporting to the Director – ICT and Innovation division, the role holder will provide leadership to address the Bank’s ICT Security matters. He/ she will be responsible for the identification, analysis, evaluation, life-cycle management, and adoption of information security strategies that ensure the bank’s ICT assets and stakeholder data are protected.  Using a multi-layered approach, the role holder will use their specialized expertise and up-to-date knowledge to help protect the Bank against threats that facilitate cyber-crime, including malware, phishing, viruses, denial-of-service attacks, information warfare and hacking.

The Role 

Specifically, the successful jobholder will be required to:

• Develop, design, enrich and implement the Bank’s information security strategy. Ensure controls, procedures, and policies that meet regulatory requirements are in place for the management of fundamental organizational processes such as cyber risk management, change management, disaster recovery, and information security.
• Develop, design, implement, and enforce the Bank’s cybersecurity program. 
• Lead the designing and implementation of IT controls intended to mitigate identified cyber risks and ensure that they are monitored for continued effectiveness. This will include, but is not limited to, the implementation of ISO/IEC 27001.
• Ensure that IT controls are updated and changed as necessary to correspond with changes in internal control and external regulatory requirements.
• Manage and ensure implementation of ICT security policies and procedures that provide a reasonable assurance that the information technology used by the Bank operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations.
• Lead new projects related to ICT security technology and assurance.
• Design and provide “data-centric” security architecture and defense-in-depth solutions encompassing layers of controls to protect confidentiality, integrity, and availability (CIA) of the data.
• Manage the daily operations for ICT security, providing timely updates, and supporting items relating to information security solutions, endpoint vulnerability, patch, and security configuration scanning and providing solution recommendations to avoid repeated issues.
• Define procedures and standards related to the management and resolution of vulnerability, patches, security configuration and other security assurance services.
• Understand the Bank’s business initiatives and requirements and map these business needs into technical ICT security architecture.
• Adopt and implement information security solutions that are scalable and easy to adapt to changing business requirements.
• Ensure strict adherence to all regulations, statutes, standards, practices, and all internal processes and procedures as per the relevant manuals and comply with all relevant external legislation and regulations with regard to compliance requirements.
• Ensure that all information security management requirements within different sandboxes are addressed and where necessary, escalated through the available defined channels.
• Ensure that the stakeholders for ICT security initiatives are correctly identified, notified, and informed.
• Implement and manage a security operations center that provides effective round-the-clock security monitoring.

Skills, Competencies and Experience

• An IT- related Bachelor’s degree or business-related degree with relevant IT Security professional qualifications i.e. Cisco Certified Network Associate (CCNA)/ Certified Information Systems Auditor (CISA) certification/ Certified Information Systems Security Professional (CISSP) CCIE (Security), CEH, CHP or other relevant security certifications.
• At least 6 years of experience in leading ICT Security Services.
• Strong knowledge of security architectures and technologies including assessment, methodologies, compliance standards, etc.
• Solid knowledge of security standards and compliance like PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, CSF, COBIT, ITIL, and SANS 20.
• Strong understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, and penetration testing.
• Strong experience and ability to prepare RFP/RFI responses, proposals and solutions and Solid working knowledge of vendor programs and partner ecosystem.
• Strong knowledge of cloud architecture and its security concerns and solid knowledge of solutions from vendors. 
• Knowledge of common cybersecurity threats and sources of cybersecurity information.
• Excellent business relationship, interpersonal communication, presentation, high level of mathematical aptitude, strong problem-solving and stakeholder management skills.