Senior Manager, Enterprise Security Architecture at KCB Bank Kenya

The Position: 

The Enterprise Security Architect role is responsible for securing enterprise information systems and assets by determining, planning, ensuring implementation and testing of security requirements. The role will be responsible for developing and maintaining an Enterprise Security Architecture Framework, security controls library and security standards, policies, and procedures.

Key Responsibilities:

• Design, implement and maintain the group’s Enterprise level Security Architecture framework in line with best practice in collaboration with the Group Enterprise Architecture function.
• Ensure the preparation, documentation, and maintenance of Information Security policies, standards, and procedures.
• Define information security requirements and acceptance criteria for new systems as well as maintain an information security controls library by evaluating business strategies and requirements, including adherence to industry standards such as SWIFT CSP, PCI DSS.
• Ensure compliance with Group Information Security standards in all business and technology projects, from requirements specification, procurement, analysis to go-live, to ensure that security standards are followed to deliver secure systems.
• Lead the involvement of Group Information Security in DevSecOps organization and secure SDLC ensuring integration of security and compliance through requirements specification, development, testing, deployment, and maintenance lifecycles.
• Plan, coordinate, and manage Information Security involvement in the change management process, representing the department in Change Advisory Board (CAB), and advising the Head, Group Information Security of adherence to Information Security requirements.
• Manage and direct the team of application security testers and DevSecOps Security Analysts to ensure secure developments and deployments are done by agile scrum and project teams.
• Participate in the formulation, analysis, and periodic review of the Group Information Security strategy, roadmap and budget to compliment and enable the overall Group Technology strategy, risk management framework, and evolving threat and regulatory landscape.
• Participate in collaboration with other Group Information Security units to plan for security systems, developing security requirements that ensure confidentiality, integrity, and availability of the group’s information systems, in line with the Bank’s defined Enterprise Security Architecture, industry standards and trends.
• Define, monitor, and report on information security metrics periodically to senior management to demonstrate return on security investment.

The Person:

For the above position, the successful applicant should have the following:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering (Electrical/ Electronic) or related field.
• Professional qualifications in any one of the following:
• Information Security Certification in CISA/ CISM/CISSP/ Security +.
• Certification in Network/ Database/ System/ Security Administration of either Cisco/ Checkpoint/ Fortinet/ Oracle/ Microsoft/ SIEM.
• Information Security testing and DevSecOps certification of wither Certified DevSecOps Professional/ Certified Secure Software Lifecycle Professional/ CEH/ OSCP/ CPT/ GPEN/ GWAPT.
• 6 years Technology experience with at least 3 years in Cybersecurity.
• 3 years’ experience in System/ Network/ Database or Cloud Platform Administration.
• 2 years’ experience in System Security Testing and leading technical teams.
• Strong interpersonal and communication skill