Manager, ICT Risk at National Bank of Kenya

Position Summary and Key Responsibilities

Position scope:

The successful candidate will be responsible for supporting risk identification and management process across all aspects of Information Technology for the Bank, updating the executive management on the results of the risk assessment and making recommendations for mitigations to protect the Bank systems or cover potential financial losses.

Key responsibilities:

• Develop and implement an ICT Risk Management Framework
• Conduct system vulnerability tests in line with Bank policies and global standards and report to management on vulnerability and protection against malware and hackers
• Identify and assess risks, design mitigation controls and monitor the risks till closure
• Clearly document and define risks and their potential impact alongside the statistical probability of such an event, and identify systems affected by the defined risk
• Develop ICT risk management guidelines to be used by all Divisions of the Bank
• Conduct system penetration testing for various stages of the system development lifecycle to ensure integrity, availability and assurance of the systems and technical processes
• Perform a review on compliance with ICT security policies across the technology ecosystem
• Evaluate security policy, processes and procedures for completeness and assess its applicability
• Work closely with business by identifying risks in products that use digital platforms
• Conduct fraud assessments on technology platforms as per fraud risk management policy
• Keep abreast with current advances in all areas of ICT security
• Continuously evaluate communication security, data vulnerability, business continuity; and examine employee compliance with security controls and deficiencies

Position requirement

Skills & Experience:

• Bachelor's Degree in Computer related field
• 3-5 years of related experience with an emphasis on ICT Risk
• Masters’ degree would be added advantage
• Certified in Risk and Information Systems Control (CRISC) or equivalent preferred;
• Ability to conduct data mining, data analysis and reporting
• An intermediate understanding of networking concepts
• Intermediate understanding of security appliances including but not limited to Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, and Security Information and Event Management (SIEM) systems;
• Analytical, objective and ability to describe complex technical concepts and ideas in non-technical terms.
• Good communication & interpersonal skills