Job Openings at Sidian Bank

JOB PURPOSE
To support the Bank’s digital risk function by identifying, assessing, mitigating, and monitoring risks in digital banking channels (e.g., internet, mobile, API integrations). This includes controls, threats evaluation and ensuring risk awareness in digital product lifecycles.

KEY RESPONSIBILITIES AND ACTIVITIES

Digital Risk Identification & Assessment

• Identify, assess, and document risks associated with digital banking platforms, mobile banking, APIs, fintech integrations, and automation initiatives.
• Conduct risk assessments for new digital products, system changes, and third-party digital partnerships prior to go-live.

Risk Controls & Mitigation

• Evaluate adequacy of controls addressing digital, cyber, fraud, data, and operational risks within digital channels.
• Work with Legal, IT, Cybersecurity, IT Risk, DPO, Operations, Project, Digital Financial Services, and Product teams to strengthen digital risks’ preventive and detective controls during pre and post implementation

• Support up-to-date Risk Control Self-Assessment (RCSA) with Functional teams to strengthen digital risks’ preventive and detective controls during pre and post implementation and identification and validation of the sample control tests.

Digital KRIs & Monitoring

• Develop and monitor Key Risk Indicators (KRIs) for digital risks (e.g., system availability, transaction failures, fraud attempts, authentication issues).
• Identify emerging digital risk trends and escalate breaches of thresholds.

Incident & Issue Management

• Support investigation of digital risk incidents, near misses, and system disruptions.
• Track remediation actions arising from digital risk events, audits, and inspections.

Governance & Reporting

• Prepare digital risk dashboards and reports for Management Risk Committee and Board Risk Committee.
• Provide input into ICAAP, Operational Risk Assessments, and enterprise-wide risk reporting relating to digital risks.

Risk Culture & Advisory

• Embed “risk-by-design” principles in digital product development.
• Provide ongoing risk advisory support to Digital Banking, IT, and Innovation teams.

PERFORMANCE OBJECTIVES

• Institutionalize digital risk assessment at product design stage.
• Reduce notable digital risk incidents year-on-year.
• Maintain robust digital controls commensurate with Bank’s risk appetite.

KNOWLEDGE, SKILLS & EXPERIENCE

Academic

• Bachelor’s degree in Information Systems, Computer Science, IT, Risk Management, Engineering, or Finance.
• Postgraduate qualification in Information Security, Risk Management, or Technology Management is an added advantage. 

Professional

• One or more of the following (or working towards):
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • ISO 27001 Lead Implementer / Lead Auditor
  • ITIL (risk or service management modules)
• Cybersecurity or digital risk training is desirable. 

Desired Work Experience

• 4–6 years’ experience in technology risk, digital risk, IT audit, cybersecurity, or operational risk within a bank or regulated institution.
• Demonstrated exposure in:
  • Digital banking platforms (mobile, internet, APIs)
  • Technology risk assessments and KRIs
  • Cyber and fraud risk collaboration with IT and Security teams
• Experience supporting digital product launches or system implementations is a strong advantage. 

Key Competencies:

• Strong understanding of digital banking risk landscapes.
• Ability to evaluate technology controls and system risks.
• Data-driven risk analysis and reporting skills.
• Cross-functional collaboration skills. 

Behavioural Competencies

• Curiosity and continuous learning mindset.
• Ability to challenge technology teams constructively.
• Strong risk judgment in fast-changing environments.
• Clear communication with both technical and non-technical stakeholders.

go to method of application »

JOB PURPOSE

To operationalize and maintain the Bank’s data privacy and protection framework, ensuring compliance with the Kenya Data Protection Act (and other applicable data protection requirements). This includes overseeing personal data inventory, privacy impact assessments and data subject rights responses.

KEY RESPONSIBILITIES AND ACTIVITIES

Data Protection Compliance

• Support implementation and day-to-day operation of the Bank’s Data Protection & Privacy Framework in line with the Kenya Data Protection Act and ODPC guidance.
• Assist the Data Protection Officer (DPO) in maintaining regulatory compliance.
• Support the administration and updating of data protection policies, standards procedures, and guidelines.

Data Inventory & Mapping

• Maintain the Bank’s Register of Processing Activities (RoPA).
• Coordinate periodic data mapping exercises across systems, vendors, and business units to ensure completeness and accuracy. 
• Maintain and monitor data retention schedules for compliant disposal of records in accordance with regulatory and the Bank

Privacy Impact Assessments

• Conduct and document Data Protection Impact Assessments (DPIAs) for new products, systems, outsourcing arrangements, and process changes.
• Track implementation of privacy risk mitigation actions.

Data Subject Rights Management

• Coordinate responses to data subject requests (access, correction, deletion, objection).
• Ensure statutory timelines and documentation requirements are met.
• Assist in preparing reports, presentations, and compliance dashboards

Monitoring & Assurance

• Monitor compliance with privacy policies, consent requirements, data retention schedules, and cross-border data transfer controls.
• Support internal audits, regulatory reviews, and compliance assessments relating to data protection.
• Support the performance of third-party risk assessments and coordinate the tracking/closure of identified data privacy risks.
• Assess and identify data privacy risks for both existing and new projects, ensuring that privacy is embedded from the start (Privacy by Design) and that default settings protect personal data (Privacy by Default).

Training & Awareness

• Deliver data protection and privacy awareness training to staff.
• Provide practical guidance to business units on handling personal data securely.
• Conduct research on emerging privacy trends, regulatory updates, and best practices including 

Incident Management

• Support investigation and documentation of data breaches and privacy incidents.
• Assist with regulatory notifications and internal reporting where required.

PERFORMANCE OBJECTIVES

• Maintain up-to-date processing inventories and DPIA records.
• Ensure timely responses to data subject requests.
• Sustain compliance with data protection audit outcomes.

KNOWLEDGE, SKILLS & EXPERIENCE

Academic

Bachelor’s degree in Law, Information Systems, Computer Science, Business, Risk Management, or a related discipline. 

Professional

• Certification or formal training in:
• Data Protection & Privacy (e.g., DPO Certification, GDPR/Data Protection short courses)
• Membership or affiliation with data protection or information security bodies is an added advantage.

Desired Work Experience

• 2–4 years’ experience in data protection, compliance, IT risk, legal compliance, or information security, preferably within a regulated financial institution.
• Demonstrated exposure in:
  • Kenya Data Protection Act requirements
  • Data mapping and processing inventories
  • Privacy impact assessments or compliance reviews

Core Competencies

• Strong understanding of data privacy principles and regulatory requirements.
• Ability to document and maintain registers, DPIAs, and evidence packs.
• Good analytical and organisational skills.
• Strong attention to detail.

Behavioural Competencies

• • High ethical standards and confidentiality.
  • Strong sense of accountability.
  • Ability to work independently with minimal supervision.
• Effective communication with business users.

go to method of application »

JOB PURPOSE

To support regulatory compliance management by monitoring changes in law and regulatory requirements, embedding statutory compliance frameworks, and ensuring the Bank’s adherence to all relevant prudential guidance, reporting obligations, and license conditions.

KEY RESPONSIBILITIES AND ACTIVITIES

Regulatory Compliance Framework

• Maintain the Bank’s Regulatory & Statutory Compliance Framework in line with CBK requirements and other applicable laws.
• Maintain an up-to-date regulatory universe and compliance register covering all applicable laws, regulations, and guidelines.

Regulatory Monitoring & Advisory

• Monitor changes in laws, regulations, CBK circulars, and prudential guidelines.
• Interpret regulatory requirements and provide clear compliance guidance to business units and management.
• Assess regulatory impact on products, processes, and strategy.

Regulatory Reporting & Submissions

• Coordinate preparation, validation, and submission of all statutory and regulatory returns (CBK, KDIC, IRA, CMA, KRA, ODPC, etc. where applicable).
• Ensure completeness, accuracy, and timeliness of regulatory reports.
• Maintain regulatory submission calendars and evidence repositories.

Policy & Governance Alignment

• Ensure internal policies and procedures are updated to reflect regulatory changes.
• Support governance committees with regulatory compliance updates and compliance attestations.

Regulatory Inspections & Engagements

• Track inspection findings, agree corrective action plans, and monitor closure relating to regulatory compliance.
• Act as a key liaison between regulators and internal stakeholders.

Training & Awareness

• Deliver regulatory compliance awareness sessions to staff.
• Ensure business units understand regulatory obligations applicable to their functions.

PERFORMANCE OBJECTIVES

• Maintain zero material non-compliance with regulatory reporting timelines.
• Demonstrate responsiveness to regulatory changes via updated policies and communication.
• Increase regulatory awareness across business lines.

KNOWLEDGE, SKILLS & EXPERIENCE

Academic

• Bachelor’s degree in Law, Finance, Economics, Accounting, Business Administration, or a related field.
• Postgraduate qualification in Law, Compliance, or Risk Management is an added advantage. 

Professional

• At least one of the following:
  • ACAMS or equivalent AML/Compliance certification
  • ICIFA / ICS (Chartered Institute for Securities & Investment – Compliance pathways)
  • CPA (K) or ACCA (for statutory reporting exposure)
• Regulatory compliance or governance training is desirable.

Desired Work Experience

• 4–6 years’ experience in regulatory compliance, legal & compliance, or risk management within a bank or regulated financial institution.
• Hands-on experience with:
  • CBK Prudential Guidelines and circulars
  • Regulatory reporting and statutory returns
  • Regulatory inspections and supervisory engagements

Key Competencies:

• Strong working knowledge of Kenyan banking laws and CBK & other relevant regulations.
• Ability to interpret regulatory text and translate it into practical guidance.
• Strong organisation and deadline management skills.
• Excellent communication and regulatory liaison skills.

Behavioural Competencies

• Professional judgment and regulatory sensitivity.
• Confidence in dealing with regulators and senior management.
• Ethical mindset and independence.
• Calm under regulatory pressure.

go to method of application »

JOB PURPOSE

To support the Internal Controls & Compliance function by ensuring the Bank’s operations comply with internal policies, regulatory requirements, risk frameworks and industry standards. The role drives risk-based control assurance activities, performs control testing, and coordinates remediation with business units.

KEY RESPONSIBILITIES AND ACTIVITIES

Internal Control Framework

• Support the design, maintenance, and periodic review of the Bank’s Internal Control Framework in line with CBK Prudential Guidelines, COSO principles, and the Bank’s Risk Appetite.
• Ensure control standards are embedded within key business processes, products, and outsourced arrangements.

Control Testing & Assurance

• Execute risk-based control testing across business units (branch operations, credit, treasury, digital, finance, operations).
• Validate adequacy, design effectiveness, and operating effectiveness of key controls.
• Document control testing outcomes and evidence in a manner suitable for audit and regulatory review.
• Test the veracity, check accuracy and integrity of financial, operational, and customer service records (response time, resolution quality).

Issue & Remediation Management

• Track internal control weaknesses, compliance breaches, and operational incidents.
• Coordinate remediation action plans with business owners and monitor timely closure.
• Escalate overdue, high-risk, or recurring control failures to Senior Management and ERM/Compliance teams.

Policy & Procedure Oversight

• Support periodic review of operational and compliance-related policies to ensure alignment with regulatory and internal control expectations.
• Verify that approved policies are operationalised through procedures and process manuals.
• Support automation initiatives with control mechanisms.

Stakeholder Coordination

• Liaise with Internal Audit, Compliance, Risk Management, Operations, and Business Units on control findings and improvement actions.
• Support regulatory inspections and internal/external audits relating to controls and compliance matters.

Training & Compliance Awareness

• Conduct awareness sessions on internal controls and compliance standards.
• Provide recommendations for training programs based on audit findings.

Reporting

• Prepare internal control and compliance reports for Management and Board Risk Committee.
• Provide trend analysis on control effectiveness, repeat findings, and emerging control risks.

PERFORMANCE OBJECTIVES

• Embed a consistent control testing calendar covering all material functions.
• Ensure 100% timely escalation of critical compliance exceptions.
• Reduce repeat audit or inspection findings year-on-year.

KNOWLEDGE, SKILLS & EXPERIENCE

Academic

• Bachelor’s degree in Finance, Accounting, Business Administration, Economics, Risk Management, or a related discipline.
• Master’s Degree in Business, Finance, or Risk Management would be an asset.

Professional

• A Professional risk management certification or other recognised risk/control certification (advantage).
• Certified Internal Auditor (CIA) or progress towards CIA.
• CPA(K), ACCA qualifications are an added advantage

Desired Work Experience

• 4–6 years’ experience in internal controls, compliance, risk management, internal audit, or operations within a bank or regulated financial institution.
• At least 3 years in a second-line or assurance role (risk, compliance, or internal audit).
• Demonstrated experience in:
  • Control testing and assurance reviews
  • Audit issue tracking and remediation
  • Designing and implementing internal controls, compliance frameworks, and risk management policies.
  • Fraud detection, investigation, and compliance reviews is highly desirable
  • Collaborating with senior management to drive corrective actions.

Key Competencies

• Strong analytical, investigative, and problem-solving skills.
• High ethical standards, confidentiality, and integrity.
• Excellent report writing and presentation skills.
• Proficient in MS Office tools, particularly Excel and PowerPoint.
• Strong interpersonal and communication abilities to influence at all levels.
• Ability to work independently and manage multiple job cases simultaneously.