Head - ICT Security Operations at Co-operative Bank of Kenya

Are you looking for an employer who promotes individual excellence and mutual respect in a team-driven culture with a key focus on social empowerment? The Co-operative Bank of Kenya, “The Kingdom Bank” is the place for those looking to new horizons. We are looking for an experienced professional with a strategic understanding of the security landscape who is able to enforce policies across security solutions by fine tuning security policies.

This is a high visibility role which forms a critical part in monitoring network activities and reporting on any security related anomalies. This role will also support ICT projects from InfoSec standpoint. It provides the successful candidate with an opportunity to contribute to the organization’s ICT Security environment and exposure to many business areas. The successful candidate will also have an ideal opportunity to be an integral part of the organization and to really make a difference.

Reporting to the Director – ICT and Innovation division, the role holder will provide leadership to address the Bank’s ICT Security matters. He/ she will be responsible for the identification, analysis, evaluation, life-cycle management and adoption of information security strategies that ensure the bank’s ICT assets and stakeholder data are protected. Using a multi-layered approach, the role holder will use their specialized expertise and up-to-date knowledge to help protect the Bank against Web threats that facilitate cyber-crime, including malware, phishing, viruses, denial-of-service attacks, information warfare and hacking.

The Role

Specifically, the successful jobholder will be required to:

• Develop, design and implement the Bank’s cybersecurity strategy. Ensure controls, procedures, and policies that meet regulatory requirements are in place for the management of fundamental organizational processes such as cyber risk management, change management, disaster recovery, and information security.
• Develop, design, implement, and enforce the Bank’s cybersecurity program.
• Lead the designing and implementation of IT controls intended to mitigate identified cyber risks, and ensure that they are monitored for continued effectiveness. This will include, but is not limited to, the implementation of ISO 27001 ISMS.
• Ensure that IT controls are updated and changed as necessary to correspond with changes in internal control and external regulatory requirements.
• Manage and ensure implementation of ICT security policies and procedures that provide a reasonable assurance that the information technology used by the Bank operates as intended, that data is reliable and that the organization is in compliance with applicable laws and regulations.
• Lead new projects related to ICT security technology and assurance.
• Design and provide "data-centric" security architecture and defense-in-depth solutions encompassing layers of controls to protect confidentiality, integrity, and availability (CIA) of the data.
• Manage the daily operations for ICT Security, providing timely updates, and supporting items relating to information security solutions, endpoint vulnerability, patch, and security configuration scanning and providing solution recommendations to avoid repeated issues.
• Define procedures and standards related to the management and resolution of vulnerability, patch, security configuration and other security assurance services.
• Understand the Bank’s business initiatives and requirements and map these business needs into technical ICT security architecture.
• Adopt and implement information security solutions that are scalable and easy to adapt with changing business requirements.
• Ensure strict adherence to all regulations, statutes, standards, practices, and all internal processes and procedures as per the relevant manuals and comply with all relevant external legislation and regulations with regard to Compliance requirements.
• Ensure that all information security management requirements within different sandboxes are addressed and where necessary, escalated through the available defined channels.
• Ensure that the stakeholders for ICT security initiatives are correctly identified, notified, and informed.
• Manage the Security Operations Centre (SOC) which provides effective round-the-clock security monitoring.

Skills, Competencies and Experience

• An IT related Bachelor’s degree or Business related degree with relevant IT Security professional qualifications i.e. Cisco Certified Network Associate (CCNA)/ Certified Information Systems Auditor (CISA) certification/ Certified Information Systems Security Professional (CISSP) CCIE (Security), CEH, CHP or other relevant security certifications.
• At least 6 years’ experience in leading ICT Security Services Strong knowledge of security architectures and technologies including assessment, methodologies, compliance standards etc.
• Solid knowledge of security standards and compliance like PCI, HIPAA, Sarbanes Oxley, ISO 27001, NIST, CSF, COBIT, ITIL, SANS 20.
• Strong understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing.
• Strong experience and ability to prepare RFP/RFI response, proposals and solutions and Solid working knowledge of vendor programs and partner eco-system.
• Strong knowledge of cloud architecture and its security concerns and solid knowledge of solutions from vendors.
• Knowledge of common cybersecurity threats and sources of cybersecurity information.
• Excellent Business Relationship, interpersonal communication, presentation, high level of mathematical aptitude, strong problem-solving and Stakeholder management skills.