Head of Cyber Risk & Red Team at Equity Bank Kenya

The Role

This Head of Cyber Risks & Red Team role is highly technical and challenging with opportunities to lead a team that will have a meaningful impact. The is expected to possess a deep understanding of both information security and information technology and should understand concepts including computer networking, web and native application functionality, operating system functionality, cloud services, corporate network environments and operations. He should be able to learn advanced concepts such as endpoint protection evasion, covert operations, and tailored exploit development.

The role leverages previous threat intelligence, and Red Team experience. This may involve delivering Threat Intel-led Red Team exercises, preparing a red team lab infrastructure, developing social engineering test campaigns and the associated collateral, executing phishing campaigns and attempting to compromise internet-facing systems, conducting privilege escalation and lateral movement within the group’s networks, hunting for objectives with little-to-no information provided at hand and attempting to exfiltrate data from the network;  all while avoiding detection from the bank’s security operations teams. The role will require you to perform exploits at scale while remaining stealthy, identify and exploit misconfigurations in the corporate infrastructure, quickly and effectively parse data, present relevant data in a digestible manner, think well outside the box.

At EGHL, you’ll be faced with complex problem-solving opportunities and hands-on technical opportunities on a daily basis to protect the Group’s most sensitive and valuable data through comprehensive and real-world scenario emulation, based off of the most up-to-date threat intelligence. You are expected to quickly assimilate new information, understand all the threat vectors in the group’s control environment and properly assess them. You will also be expected to create a team of red teamers and develop new skills as you progress

Responsibilities

• Responsible for the establishment of the group’s internal second line of defense red teaming capability to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediations.
• Perform red team assessments with purple team support, assumed breach assessments, ransomware readiness reviews (assessing susceptibly to modern ransomware threats), threat analysis and social-engineering assessments.
• Perform external/internal/cloud/wireless network assessments, web and mobile application testing, source code reviews, network security and IT architecture reviews.
• Define relevant key performance indicators and metrics for measuring the maturity of the Group’s security posture from red-teaming and cyber security assurance activities
• Provide both subject matter expertise and project management experience to serve as the “point person” for engagements and where required, supervise the scoping of prospective engagements by external vendors, participating in engagements from kickoff to completion.
• Interface with the relevant internal and external teams to clarify and provide support to address concerns, issues, or escalations; track and drive to closure any issues that impact the service and its value to the bank’s customers
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Oversee and manage implementation improvements to the group’s business processes, methodologies, tools, and client communication methods
• Provide expert experience building information, cybersecurity and it risk programs to include hands-on implementation and/or assessment of relevant controls
• Provide necessary support in investigations, cyber forensic investigation and root cause analysis when required.
• Use formal project management skills in planning, tracking, and reporting on project progress

Processes

• Provide assurance that the first line implements controls to comply with applicable laws and regulations and escalate significant policy and regulatory non-compliance matters and developments to the Group CISRO;
• Support the Testing and Assurance team, based thematic reviews, stress tests, regulatory submissions, and Internal and external audit reviews;
• Establish and maintain strong relationships with identified stakeholders and understand their strategic goals to ensure ICS alignment
• Assist with the articulation of the value of ICS controls and their bottom-line impact;
• Represent EGHL in internal and external meetings where required;

Risk Management

• Lead all red team assessments and management of ICS risks and reporting outcomes within EGHL and the individual subsidiaries;
• Highlight gaps or control weaknesses against security controls and standards, raising concerns to the CISRO and relevant forums;
• Provide recommendations and feedback based on ICS testing and assurance experience within EGHL and the subsidiaries;
• Provide input into Group wide ICS assessments, reporting, and strategies

People and Talent

• Lead through example and help to create the appropriate culture and values.
• Work in collaboration with risk and control partners.
• Work collaboratively with the CISRO Team
• Effective staff management to achieve operational objectives
• Agility to manage and balance own time among multiple tasks, and lead junior staff when required
• Uphold and reinforce the independence of the second line ICS Risk function.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across EGHL. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key Stakeholders

• Group Chief Risk Officer and other senior Risk management teams,
• Group CISRO, Head of IT and Cyber Security, Group Directors, Group CISO and other senior management
• IT Operations risk management and cloud governance heads and teams
• Group Internal Audit and other Business stakeholders 

Ideal Candidate

• Bachelor’s degree in Computer Science, Information and Cyber Security, Technology or equivalent
• Minimum of 7 years of relevant in information security or risk management, preferably in Banking and Financial sector, with 5 years hands-on experience in penetration testing red teaming and information assurance assessments
• Minimum of at least a CISSP, CISA, CISM or CRISC (at least one) certification
• Consistently able to demonstrate or articulate value proposition
• Prior positive interaction with C-level executives or senior executive personnel
• Candidates will also have one or more of the following
  • Licensed Penetration Tester (LPT)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Evasion Techniques and Breaching Defences (OSEP)
  • Offensive Security Advanced Windows Exploitation (OSEE)
  • SANS Penetration Testing and Ethical Hacking / Purple Team certifications
• Red team operations and purple team delivery, including adversary emulation
• Operation of common command and control solutions
• Network penetration testing and manipulation of network infrastructure
• Shell scripting or automation of simple tasks using common scripting languages
• Developing, extending, or modifying exploits, shellcode, or exploit tools
• Technical report writing and documentation of red team testing activities
• Presentation of technical details to both a technical and executive audiences
• Windows, Linux, Unix and/or Mac operating systems including bash and PowerShell
• Experience in at least four of the following
  • Email, phone, or physical social-engineering assessments
  • Reverse engineering malware, data obfuscators, or ciphers
  • Thorough understanding of network protocols, data on the wire, and covert channels
  • Threat intelligence analysis
  • System administration of corporate environments and networking
  • Systems exploitation
  • Offensive security project management
  • Source code review for control flow and security flaws
  • Strong knowledge of tools used for wireless, web application, and network security testing
  • Mobile and/or web application assessments
  • Technical incident response processes and engagements