Information Security Officer at Consolidated Bank of Kenya

Job Purpose

• Reporting to the Information Security Manager, the Information Security Officer will be responsible for safeguarding the Bank’s information assets, systems, networks, and digital infrastructure against cybersecurity threats, unauthorized access, data breaches, and operational risks. The role will support the implementation, monitoring, and continuous improvement of the Bank’s information security framework, policies, standards, and compliance requirements in line with regulatory and industry best practices.

Key Responsibilities

• Developing, implementing, and maintaining the Bank’s information security policies, procedures, standards, and guidelines.
• Monitoring the Bank’s ICT environment to identify, assess, and mitigate cybersecurity risks and vulnerabilities.
• Coordinating information security risk assessments, audits, and compliance reviews.
• Managing security incidents, investigations, reporting, and response activities to minimize operational disruptions and losses.
• Conducting continuous monitoring of network security, endpoint protection, access controls, and data protection measures.
• Supporting implementation and management of cybersecurity tools, systems, and technologies.
• Ensuring compliance with applicable regulatory requirements, data protection laws, and industry security standards.
• Coordinating user access management and reviewing system privileges to ensure appropriate segregation of duties and least privilege principles.
• Conducting staff awareness programs and trainings on information security and cyber hygiene.
• Preparing periodic information security reports, risk dashboards, and incident reports for management review.
• Liaising with internal auditors, external auditors, regulators, and service providers on information security matters.
• Supporting business continuity, disaster recovery, and cyber resilience initiatives within the Bank.
• Keeping abreast with emerging cybersecurity threats, trends, technologies, and best practices and advising management appropriately.
• Participating in implementation of ICT projects to ensure security requirements are integrated into systems and processes.

Qualifications and Competencies

• Bachelor’s degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, Information Systems, or a related field from a recognized institution.
• Professional certifications such as CISA, CISM, CISSP, CEH, CompTIA Security+, ISO 27001 Lead Implementer/Auditor, or related certifications will be an added advantage.
• At least three (3) years relevant work experience in information security, cybersecurity,
• ICT risk management, or related field, preferably in the banking or financial services sector.
• Demonstrated knowledge of information security frameworks, standards, and regulatory requirements.
• Proficiency in cybersecurity tools, network security, vulnerability management, and incident response processes.