Careers at Family Bank Ltd

Job Purpose:

• The holder will play a critical role in the identification, assessment, and mitigation of information and  communication technology (ICT) risks within the Bank. The role involves conducting risk assessments, developing,  and implementing risk management strategies, and fostering a culture of security and compliance 

Key Responsibilities: 

• Assisting in maintaining a current enterprise-wide knowledge base of its users, devices, applications and  their relationships, including but not limited to:  
• Software and hardware asset inventory.  
• Network maps (including boundaries, traffic and data flow); and  Network utilization and performance data.  
• Conducting daily security reviews and cyber risk assessments that consider people (i.e. employees,  customers, outsourcing and other external parties), processes, projects, change, data, technology across  all the Bank’s business lines and locations.  
• Assisting to maintain and oversee policies, processes and control techniques to address all applicable cyber  security risks. 
• Assisting in entrenching and reinforcing of bank-wide cyber security awareness culture. 
• Assisting in the sustenance of the cyber security risk champions program. 
• Communicate in a timely fashion noted incidents to CRO  
• Assisting to capture, maintenance, update and monitor of cyber security risks in one risk register and track  closure of raised external and internal ICT audit issues.  
• Ensuring monthly collation of data on the KRIs for ICT operations, ICT projects and reputational risks. 
• Maintaining and update network security dashboards daily.  
• Recommending improvement in security review programs.  
• Assisting in implementing the institution’s cyber security program and enforcing the cyber security policy.  
• Assisting to design cyber security controls with the consideration of users at all levels of the organization, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business  partners and service providers).  
• Reviewing compliance with bank' ICT risk standards and where appropriate, implement actions to always  protect the bank’s business. 
• Reviewing and ensure all servers, routers, switches, firewalls and user PCs are up to date with the latest  patches, antivirus and all unnecessary services and applications are disabled or uninstalled daily.  
• Daily reviews of privileged user access and activities in line with the privileged access management  standard. Sensitize use of strong passwords on all systems. 
• Conducting monthly review of system user accounts and confirm conformity with HR staff lists to ensure  that everyone with access to confidential files is truly authorized. Including reviews of the allocation of user  profiles for all applications. 
• Conducting daily network monitoring to ensure only authorized traffic is allowed.  
• On a weekly basis carry out penetration tests and vulnerability assessments to ensure IT systems are  secure and report to CRO on significant trends and vulnerabilities. 
• Championing resolution of issues raised on ICT audits, self-assessments on ICT, project and reputational  risk. 
• Conducting root cause analysis on any risk exposures noted to ensure no repeat instances arise. 
• Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the  institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack  through cyber-crime.  
• Assisting in coordinating and performing periodic Head Office & Branch on site & off-site risk assessments  & risk awareness visits 
• Fraud Risk Assessments and Reporting. 
• Detect, report, respond, contain and mitigate incidents that impair adequate data and infrastructure security. 
• Assisting in institution of a robust training program on professional cyber related and enterprise ICT risk  management trainings to improve technical proficiency of staff. 
• Ensuring monitoring of current and emerging cyber risks is done.  
• Preparing daily dashboard on the key risk items from security event monitoring. 
• Tracking preparation of implementation plans on issues raised from risk event reports and risk  assessments. 
• Constantly assist with updating the security systems to deal with new threats. This involves staying abreast  of technology news, researching new antivirus technology and new safety protocols. 
• Detect, report, respond, contain and mitigate incidents that impair adequate data and infrastructure security. 
• Following up for closure of issues raised and aversion of repeat incidences. 
• Works with teams to resolve issues that are uncovered by various internal and third-party monitoring tools. 
• Monitoring changes made to ICT systems and assessing their impact to the business.  
• Ensuring the bank’s compliance with Risk Management Guidelines and Prudential Guidelines on cyber  security and any other existing or emerging regulatory requirements. 
• Ensuring that no unauthorized information leaves the bank via monitoring of USB devices such as flash  disks, external hard disks, external email, data loss prevention system and internet connections. 
• Preparing daily cyber security posture dashboards and reports to the CRO this includes weekly penetration  tests and vulnerability assessment results 
• Immediately report to the CRO on detected ICT and Information Security incidents. 
• Ensure effective management of AML/CFT risks 
• Ensure compliance with the Data Protection laws, policies and procedures of the Bank. 
• Any other official duties that may be allocated from time to time by the line manager. 

The Person:  

• The ideal candidate must possess the following:  

Qualifications/Experience:  

• A bachelor’s degree in ICT related field. 
• Professional cyber security and ICT qualifications will be added advantage.  
• Proven experience in ICT risk management, cybersecurity, or related roles. 
• Knowledge of industry standards such as ISO 27001, COBIT, NIST, COSO, and other relevant frameworks. 
• Excellent communication, interpersonal, organizational, and negotiation skills.  
• Strong analytical and problem-solving skills, with the ability to assess and communicate complex technical  risks to non-technical stakeholders. 
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross functional teams. 
• Ability to work independently, consult and clarify where necessary and make informed and firm decisions.  

Competencies/Attributes:   

• An awareness of risk assessment techniques and knowledge of systems, processes and procedures  adopted within risk management. 
• Must have flexible approach to accept and champion change. 
• Excellent understanding of the current trends in ICT risk management especially in the Kenyan banking  sector.  
• Sound knowledge of the Bank’s policies and procedures  
• Good understanding of ICT risk management in line with ISO 27001 framework.

go to method of application »

Job Purpose: 

• The holder will assist in providing an independent review of operational and reputation risk management by  monitoring and analysing operation activities in the bank to ensure the exposure to operational and reputation  risk is within acceptable levels. 

Key Responsibilities: 

• Identification, measurement and reporting of operational, regulatory, compliance and other related  risks in line with the bank’s operational risk management policy and the Basel accords.  
• Review the bank’s processes and procedures in the business units and branches to identify areas  of improvement and make appropriate recommendations for process improvement. 
• Assist risk owners in conducting Risk-Control Self Assessments 
• Maintain and continuously update incident reporting database, loss data database and analyze  trends on incidences for reporting and action by management. 
• Ensure that there are adequate MIS and standards of identifying, monitoring, measuring and  controlling operational risks periodically. 
• Assist the Operational Risk Manager in the training of staff on operational risk areas 
• On a proactive basis, identify, document and assess the operational risks associated with bank’s  activities, including the development of new products and new business practices. 
• Monitor operational risk landscape, developments and participate in industry-wide initiatives. 
• Assist in development of operational risk mitigation strategies for the bank’s critical risks and for  monitoring the risks  
• Support process owners and risk champions with identification of key risk indicators in their  respective functions aimed at mitigating those risks 
• Operation Risk Mapping & Risk registers update 
• Assist in development and communication of operational risk management tools including Risk  Control Risk Assessments and incident reporting 
• Continuously updating and monitoring Incidents emanating from branches and departments. 
• Co-ordinate with legal, internal audit, operations, and other control functions to manage, operational  risks in the bank. 
• Ensure continuous improvement in operating procedures to avoid risk materialization 
• Assist in the coordination of periodic Business Continuity Management Testing and documentation  of appropriate reports on success levels. 
• Assist in the development of risk management tools e.g. key risk indicators, risk & control self assessment, risk dashboards, risk heat maps etc. as well as establishing risk registers at Bank level  & departmental levels for sustainable focus on top risks of the Bank. 
• Assist the Manager operation risk in reviewing business initiatives i.e. products and projects for the  bank and recommend appropriate changes in controls and monitoring procedures.  
• Assist in preparation of operational risk reports for submission to Management Risk Committee, EXCO and/or Board Risk Committee to facilitate active risk oversight. 
• Ensure effective management of AML/CFT risks that have a bearing with operation risk 

The Person:  

• The ideal candidate must possess the following:  

Qualifications 

• A bachelor’s degree in business, Economics, IT or other related fields. 
• Professional banking qualifications such as CPA, CISA, CRMA, CISM, IRM or other risk related  certifications will be added advantage.  
• At least 5 years working experience in a bank operations environment 
• 3 years’ experience in risk and compliance within a financial institution 

Key Competencies and Attributes 

• Excellent knowledge and experience of ICT and analytical skills is a must. 
• Excellent communication, interpersonal, organizational, and negotiation skills.  
• Ability to work independently, consult and clarify where necessary and make informed decisions 
• An awareness of risk assessment techniques and knowledge of systems, processes and procedures adopted  within risk management. 
• Must have flexible approach to accept and champion change. 
• Excellent understanding of the current trends in risk management especially in the Kenyan banking sector.  
• Sound knowledge of the Bank’s policies and procedures  
• Good understanding of operational risk management in line with Basel III and CBK Risk Management  guidelines 

go to method of application »

REPORTING TO: SENIOR MANAGER DFS TECHNICAL.   

Job Purpose:

• To lead and coordinate the bank’s mobile and other emerging channels initiatives. Responsible for  ensuring that all digital channel systems that are deployed in the bank are properly managed and supported to  provide high availability and exceptional customer experience on 24/7-hour basis. 

Key Responsibilities: 

• Provide technical support for existing mobile and internet banking systems. 
• Customer support through issue tracking and resolution within agreed TAT. 
• System monitoring to ensure both maximum uptime for systems and transactional integrity. 
• Routine system administration and management. 
• Compliance to Change management processes and procedures. 
• Provide technical support for existing mobile and internet banking systems and implementation of related  projects. 
• Keep track of user issues and oversee their prompt resolution. 
• Follow established change management practices by ensuring that they are well tested and are rolled out  in a manner that adheres to established business processes. 
• Continuously analyze user requirements to develop and provide solutions. 
• Routine system administration and management. 
• Maintain up to date system and user documentation. 
• Ensure compliance of SLAs by system vendors. 
• Develop real time online reports and monitoring tools to be able to track mobile and internet banking  systems uptime and performance. 
• Continual Service Improvement by recommending and implementing upgrades or changes to the mobile  solutions for increased performance, security or business benefits 
• Develop subject matter expert knowledge of Mobile technologies, e-Commerce and other payment banking  technologies 
• Develop Business Continuity plans for both mobile channel solutions. 
• System monitoring to ensure both maximum uptime for systems and transactional integrity. 
• Development and provision of both structured and ad-hoc reports for consumption by various teams. 
• Provide user support, perform system backups and restore. 
• Trouble shooting and resolution of identified incidents/problems. 
• Proactive monitoring and attendance to anticipated service disrupters. 
• Recommend service enhancements geared towards efficient and effective service provision. 
• Engagement with partners to resolve service disruption incidents 
• Any other official duty that may be allocated by management from time to time.

The Person:  

• The ideal candidate must possess the following:  

Qualifications:  

• Bachelor’s degree in ICT, Computer Science, Information Systems or an IT related field. 
• Professional IT qualifications in one or more of the following: ITIL, Linux, Prince2, programming, DB  Administration 
• Knowledge of IT Banking Systems Implementation & Capabilities 
• Knowledge of Database management systems, solutions and administration 
• Sound knowledge of Bank operations, policies & procedures 
• Experience in mobile, Internet banking based financial systems as well as SMS & USSD connectivity 
• Excellent leadership & team management skills 
• Good communication & interpersonal skills 
• Customer focused – ability to strike a solid balance between external and internal customer orientation 

Key Competencies and Attributes: 

• Goal focused and able to spot business opportunities 
• Builds networks and maintains strong relationships 
• Able to manage and influence others to achieve results 
• Has passion and drive to achieve results under difficult circumstances 
• Pleasant and able to relate well in diverse social set ups and teams  
• Upholds high standard of Professionalism, integrity and respect for others   
• Able to identify, motivate and develop talent within the Bank. 
• Capacity to influence decisions at various levels 
• Communicates effectively  
• Drives high performance in teams