Information Security Officer at Old Mutual Kenya

Job Description

• The role holder will be responsible for overseeing the security framework to ensure security controls are in place in the bank, direct the cyber security strategy, identify threat scenarios quantify risks and work with stakeholders to ensure effective mitigation controls are in place and ensure compliance with all relevant regulatory requirements
• Overseeing and implementing the bank’s cyber security program and enforcing the cyber security policy / framework and ensure up-to- date information security policies and standards are in place including the cyber risk management plan.
• Ensure the Bank maintains a current enterprise -wide knowledge base of its users, devices, application and their relationships, including but now limited to:
  • Software and hardware asset inventory
  • Network maps (including boundaries, traffic and data flow); and
  • Network utilization and performance data
• Keep up to date with the latest security and technology developments, research/ evaluate emerging security threats and ways to manage them.
• Develop an information Security awareness program, prepare curriculum for different set of users and execute the program.
• Ensuring that Faulu maintains a current and comprehensive cyber asset and user register. Risk identification should be forward looking and include security incident handling.
• Ensuring that information systems meet the need of Faulu , particularly information system development strategies, comply with the overall business strategies, ERM framework, risk appetite and ICT policies.
• Design cybersecurity controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
• Draw out yearly budgetary proposals towards mitigating technological risk in the bank.
• Organizing professional cyber related trainings to improve technical proficiency of staff and user awareness trainings for improved cyber hygiene.
• Ensure that adequate processes are in place for monitoring IT systems to detect cybersecurity events and incidents in a timely manner.
• Reporting to the CEO, at least quarterly, on the following:
• Assessment of the confidentiality, integrity and availability of the information systems in Faulu.
• Detailed exceptions to the approved cybersecurity policies and procedures.
• Assessment of the effectiveness of the approved cybersecurity program.
• All material cybersecurity events that affected the Bank during the period.
• Reporting to the Board, at least quarterly, on Faulu’s capability to manage cybersecurity and progress in implementation of the cybersecurity strategy and goals.
• Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
• Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
• Ensure adequate backups of critical IT systems and data in line with predetermined recovery objectives (e.g. real time back up of changes made to critical data) are carried out to a site that is unlikely to be affected by a disaster event at the main processing site.
• Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
• Put in place BCP and disaster recovery test plans to ensure that the Bank can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
• Assessing the overall effectiveness of Faulu’s cybersecurity program.
• Quarterly reporting on the organization’s cybersecurity posture to senior management, Board Risk Management Committee, Audit committee and the board.
• Conduct oversight over and provide directions to any third-party service provider contracted to perform operational security functions such as information security monitoring, testing and threat intelligence.
• Ensure that an annual Central Bank of Kenya (CBK) Cyber Security Compliance report is provided.
• Collaborate with other banks and the security agencies to share the latest cyber threats /attacks encountered by the bank.
• Use of advanced analytic tools to determine emerging threat patters and vulnerabilities.

Education

• Bachelors Degree (B): Information Technology And Computer Science: Information Technology Management