Manager, IT Security at Commercial International Bank (CIB) Kenya

Job Purpose Statement

Reporting to the Head of IT and Projects, the Manager IT Security shall be responsible for the Bank’s Information Technology security program with the main objective of protecting CIBKE’s information systems, network and infrastructure from external and internal threats.

Key Responsibilities

Financial

• Budget Planning: Collaborate with the Head of IT and Projects and various stakeholders to plan the IT security budget. This involves estimating the financial resources required to address security needs for the upcoming fiscal year.
• Expense Monitoring: Continuously monitor and manage expenses related to security projects and initiatives to ensure they remain within budget. Take corrective actions if there are deviations.
• Long-Term Planning: Consider long-term financial planning for security, including multi-year budgets that account for evolving threats and technology.

Customer

• Policy Development: Develop, implement, and enforce IT security policies and procedures for internal customers to ensure compliance with security standards and best practices.
• Access Control: Manage user access to systems, applications, and data, ensuring internal customers have the appropriate level of access based on roles and responsibilities.
• Incident Response: Develop and implement an incident response plan; lead incident response efforts in case of security breaches or incidents.

Internal Business Process

• Data Protection: Implement measures to protect sensitive data in business processes (encryption, data loss prevention, secure data handling).
• Business Continuity & Disaster Recovery: Develop and maintain plans to ensure critical processes resume quickly after incidents or disasters.
• Audit: Ensure action plans and delivery dates are in place to address open internal or external audit items and track these actions to completion.

Functional Responsibilities

• Build the security infrastructure architecture to help manage, operate, maintain, and monitor adherence to IT Security architecture and policies.
• Oversee the development and management of security controls, defenses, and countermeasures to safeguard corporate and customer data.
• Ensure annual regulatory and compliance needs are met; respond to audit requests for IT security.
• Recommend improvements to policies, processes, and procedures; manage their implementation.
• Supervise daily IT Security team operations, provide guidance, encourage teamwork, and facilitate work processes.

Our Values

• Customer First
• Lead the Market
• Integrity
• Agility

Job Specification

Academic

• Bachelor’s Degree in Information Technology, Computer Engineering, Computer Science, or equivalent.
• Master’s in an IT-related field is a plus.

Professional Qualifications & Experience

• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Familiarity with security frameworks and best practices (PCI, ISO27K, NIST)
• Information Technology Infrastructure Library (ITIL)

Desired Work Experience

• 8–10 years in Systems and Information Security administration
• At least 3–5 years in a managerial role

Reporting Relationships

• Direct & Indirect Reports: All IT Security Staff
• Stakeholders
• Internal: All Bank Departments
• External: IT Vendors, Service Providers, and CBK

Ideal Job Competencies

Technical Competence

• Experience designing, implementing, and maintaining large-scale security solutions
• Proven experience with security solutions troubleshooting, monitoring tools, and escalation processes
• Experience with enterprise security architecture/software (IPS/IDS, antivirus, vulnerability scanners, DLP, web/email security)
• Strong knowledge of Defense-in-Depth mechanisms
• Knowledge of encryption and VPN
• Knowledge of financial and banking sector, fraud, and operational risk

Behavioral Competence

• Dynamic, analytical, and self-driven; able to work under pressure
• Strong people, project, and time management skills
• Hardworking, strategically minded with excellent organizational and planning skills