Officer – Information Systems Officer at Bank of Africa Kenya Limited

Job Purpose

Development and management of an efficient BOA Kenya’s Information Security Program that can identify, measure, monitor, and control the risks inherent in the Bank’s ICT systems while ensuring compliance with Industry Standards and Regulations.

Responsibilities and Accountabilities

IT Security Governance through:

• Developing and ensuring adherence to the annual IT Security Annual Plan BOA Kenya’s Cybersecurity Strategy.
• Formulation and review of ISMS, Cyber policies, and procedures.
• Attending various IT Security & Risk related committees i.e., Monthly IT Steering committee, KBA IT Systems, Risk and Security Sub-Committee Meetings.
• Implementation and enforcement of ISO 27001 framework in BOA Kenya’s Security practices i.e., software development, change management.

IT Security Risk Management through:

• Developing and periodic review/monitoring of IT & Security Key Risk Indicators.
• Update of the IT Risk register guided by periodic risk assessments.
• Periodic Endpoint Security reviews for compliance and timely updates.
• Review of Third-party risks guided by criticality, policies and procedures and SLAs and presentation of recommendations to Management to reduce associated risks.
• Conducting periodic Vulnerability assessment for BOA Kenya Infrastructure and develop remediation plans with IT Unit for critical vulnerabilities.
• Conducting periodic IT Security Assessment for New Applications, Projects, and Tools before adoption at BOA Kenya and recommendations on mitigants.
• Review and approve change requests raised by IT or BOA Kenya stakeholders for key infrastructure.

Information Security Program Development and Management by:

• Development and adherence to BOA Kenya’s Annual User Awareness Training Plan.
• Prepare and publish periodic IT Security awareness topics to BOA Kenya Staff.
• Research and review current Cybersecurity trends, threats updates, and reviews as applicable to BOA Kenya’s Environment.
• Conduct Targeted user training for specific roles within the Bank e.g., SWIFT, IT, New staff as guided by criticality.

Key Performance Indicators

• Monthly user awareness & training (1 active campaign on cyber security awareness platform, 4 email publications).
• Monthly endpoint security reviews of antivirus status for compliance
• Project risk assessments for risk identification as guided by the Bank’s project plans.
• Monthly vulnerability assessments and remediation.
• Annual and quarterly IT DR exercise testing, restoration, and failovers for business continuity.
• Quarterly access management and reviews.
• Monthly incident reporting.
• Weekly audit follow-up and closure.
• Monthly & quarterly reporting to IT Steering committee, Management & Board.
• Monthly IT security report on intrusions, endpoint security compliance, security trends and unit activities.
• Quarterly regulatory reporting & returns to CBK and KEPSS.
• Annual policy & procedure development and approval.
• Annual security tools Implementation and renewals reviews.

Minimum Requirements

• A Bachelor’s degree in an ICT related field.
• Minimum 3 years’ experience in ICT/ Security related roles.
• IT Certifications – CCNA – security.
• Information Security certifications (requisite, the more the added advantage)
  • CISSP (Certified Information Systems Security Professional)
  • Certified Ethical Hacker (CEH).
  • CISA (Certified Information Security Auditor)
  • CCISO (Certified Chief Information Security Officer)
  • CISM (Certified Information Security Manager)
  • ISO 27001 Lead Implementer