Branch: Kilimani Branch – Head Office
Reports to: Enterprise Risk Management, Head
Credit Risk Officer – Monitoring & Control
To monitor the performance of the portfolio and report to the various committees of the bank, such as the Board Credit, Management, Management Credit, and Remedial Committees.
To oversee implementation of Climate risk and related Environmental and Social Risks in Credit and report to the various stakeholders.
KEY RESPONSIBILITIES AND ACTIVITIES
- Monitoring the performance of the various Business segments’ credit Portfolio to ensure that the asset quality is maintained and improved within the benchmarked thresholds on PAR, delinquency and Migration to ensure provision costs are within set targets.
- Monitoring the performance of pre-90 accounts in order to identify unique cases for write-offs/write-downs, upgrades, restructures and waiver of arrears on contracts that qualify
- Ensuring that the interest rates for facilities are correctly allocated and ensure that the provisions are adequate for every contract and that the excess provisions are written back.
- Engaging with the debtors through meetings, visits, calls and correspondence in order to draft repayment plans and identify cases that require statutory or legal actions and recommend accordingly
- Ensuring the business has a proper debt recovery and collection strategy on nonperforming assets through customer follow-ups.
- Ensure business units are complying with internal policies and procedures to ensure that customer credit appraisals are of high quality to minimize lending risks through top-notch KYC/AML checklists and also loans advanced are within the bank lending policies.
- For trade finance products, closely monitoring the fees and commissions that are being collected as required
- For check-off loans in order to recommend actions for dropped, partially adopted or non-adopted loans as well as recommend waiver and restructuring for check-off loans that are receiving correct payments
- Ensure compliance to credit limits and processes, debtors’ compliance to covenants
- Review and recommend improvements to bank credit processes, checklists, reports, limits utilization, and approvals
- Perform risk analysis on Loan documentation and processing, Securities perfection of secured loans, financial analysis on the loan application.
- Implementation of Climate risk and related Environmental and Social Risks in Credit and reporting to the various stakeholders.
Direct Reporting of this position: ERM Head.
Direct Reports to this position: NIL
Customers of this Position: Internal Customers – Business staff, management/ External Customers – Debt collectors, customers
- Asset quality below the benchmarked thresholds on PAR, delinquency and Migration and provision costs are not within set threshold.
- Unique cases for write-offs/write-downs, upgrades, restructures and waiver of arrears on contracts that qualify
- Allocation of interest rates for facilities is correct and provisions are adequate for every contract
- Identify cases that require statutory or legal actions and recommend accordingly
- Proper debt recovery and collection strategy on nonperforming assets through customer follow-ups for the business.
- Compliance level of the business with internal policies, procedures and limits
- Revenue leakage for fees and commissions collected, provisions writebacks, and interest charged on loans
- Identify gaps in the implementation of CBK Prudential guidelines on credit management, climate risk management in the banking sector and requirements of the banking sector charter
- First Degree preferably in Finance, Commerce or business or other related fields.
- Grasp on CBK Prudential guidelines, credit management in the banking sector
- Minimum of 3 years in risk management, credit department in the banking industry.
SKILLS & COMPETENCIES
- Product knowledge of structured financial products, risk pricing, and equity investments.
- Familiarity with credit-enhancing mechanisms, risk mitigation and treatment of collateral regarding credit and investment exposures.
- In-depth knowledge of credit risk-related financial analysis, procedures, and systems in complex global financial services settings.
- Proven skills and working experience in risk assessment practices
- A solid understanding of credit and risk management; detail-oriented; quantitative analysis skills would be an advantage.
- Good oral and written communication skills in English.
PROFESSIONAL CERTIFICATION REQUIRED
- Certified Public Accountant
- Risk certifications are an added advantage
Branch: Kilimani Branch – Head Office
Reports to: Head ERM
Chief Information Security Officer & Data Privacy Officer
To oversee the protection of bank and customer data, as well as the protection of infrastructure and assets from malicious actors. Serves as the process owner of all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information in compliance with the bank’s information security policies.
- Audit and Compliance
- Policies Standards and Procedure
- Change Management and Change Catalyst
- Data Protection/Privacy
- Information Security Awareness Training
- Risk Management
- Security Operation Center SOC
- Business Continuity and Disaster Recovery
- Identity and Access Management
- Incident Reporting
- Cyber security
Draw out and implement a 5-year strategy plan towards the organization’s certification on ISMS – ISO27001
Draw out a yearly Budgetary proposal towards mitigating Technology Risk in the organization
Keep up to date with the latest security and technology developments
Research/evaluate emerging security threats and ways to manage them
Audit and Compliance
Leading auditing and security compliance initiatives.
Ensure that an annual Central Bank of Kenya (CBK) Cyber Security Compliance Report is provided
Drive the testing and evaluation of security products
Policies Standards and Procedure
- Develop information security policies and standards, and ensure they are up to date, in place, and followed through their socialization
- Change Management and Change Catalyst.
- Introduce security risk assessment in the product development lifecycle
- Introduce NDA compliance from all the vendors
- Vendor Minimum Security Baseline Evaluation
- Implement an annual KPI checklist and vendor risk management for vendors
- Design new security systems or upgrade existing ones
Develop a Strategy for Data Privacy Compliance and walk through its implementation.
Data Protection Awareness Champion.
Conducting Data Mapping and Data Protection Impact Assessment.
Information Security Awareness Training.
Security Operation Center SOC
- Implement Information Security Incident Management program
- Operationalize a SOC and implement a SIEM
- Identify potential weaknesses and implement measures, such as firewalls and encryption
- Implement alert closure programs in Netguardians (Fraud) solution.
- Implement End Point Security including data leak prevention, mobile device management
- Monitor and respond to phishing emails and pharming activity
- Analysis and Monitoring of entry points, activity logs, internal environments, and databases.
- Vulnerability Assessment and Penetration Testing schedule and timetable
Business Continuity and Disaster Recovery
Update and implement a business continuity plan for the business.
Conduct Business Impact Assessment and define RPO and RTOs for the business.
Execute tabletop and actual disaster recovery plan tests for people, systems, and processes.
Conduct drills and work on areas of improvement.
Identity and Access Management
- Onboarding and off-boarding of Assets
- User provisioning/ de-provisioning and Privileged Access management.
- Develop a role-based access control matrix
- Update and implement an incident reporting mechanism and plan for the business
- Incident reporting to CBK as required
- Investigate security alerts and provide incident response.
- Use advanced analytic tools to determine emerging threat patterns and vulnerabilities
- Engage in ethical hacking, for example, simulating security breaches
- Generate reports for both technical and non-technical staff and stakeholders.
- Data Security and Fraud Prevention.
- Subject matter expert on Information Security, cyber security, and data Privacy
- Facilitate the following training:
- User awareness training for all staff
- Professional cyber-related training for technical staff
- Cybersecurity training and updates for Board Members
- Cybersecurity awareness for customers, suppliers, partners, outsourced service providers, and other third parties.
- Submit the required cybersecurity regulatory returns to the Central Bank of Kenya, as per the prescribed timelines.
- Ensure timely and comprehensive reports to the CEO, Senior Management, Board Audit Risk Management Committee, and the Board. These reports should be submitted at least quarterly.
- Design and periodically review the Bank’s cybersecurity program
- Support the submission of the following to the Board for approval, at least annually:
- Cybersecurity strategy/risk management plan.
- Cyber security policy and framework, or revisions thereof
- Cybersecurity risk assessments and risk appetite
- Cybersecurity budget
- Design cybersecurity controls with consideration of users at all levels of the organization and advise the business. Follow up with the responsible functions for implementation.
- Ensure that a business develops a cyber asset register that classifies its cybersecurity assets. Critical assets should be identified.
- Identify and facilitate compliance to data protection/ data privacy requirements.
- Manage the Security Operations Centre of the Bank to perform operational information security monitoring, testing, and threat intelligence. Where this function is outsourced, conduct oversight over and provide directions to any third-party service provider to whom this is outsourced.
- As the cybersecurity coordinator, perform the following roles:
- Regularly review the Bank’s incident response plan. This should include a data breach response plan.
- Regularly review the composition of the CSIRT
- Train CSIRT members on their roles and responsibilities
- Conduct regular tests and report test results to senior management, Board Risk Management Committee, and Board Audit Committee.
- Liaise with the Business Continuity Co-ordinator and the ICT function to ensure that adequate disaster recovery measures are in place i.e. functioning Disaster recovery site and adequate backups of critical IT systems and data in line with the required Recovery Time and Recovery Point Objectives.
- A minimum of a Bachelor’s degree in Information Technology, Computer science, Cybersecurity, business, or related fields.
- A Master’s degree in IT security will be an added advantage.
- 3-5 years Banking Experience
- Knowledgeable in IT operations
- Proficient in IS Security
- Knowledge of Data Protection laws & General Data Protection Regulations (GDPR) is an added advantage.
SKILLS & COMPETENCIES
- Excellent interpersonal & Communication Skills.
- Working in Teams.
- Excellent analytical skills.
- Organization skills.
- Problem-solving skills.
- Excellent knowledge of security tools.
- Report writing skills.
- Professional qualification such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP).
- Member of ISACA.