Vacancies at HF Group

Principle Accountabilities

Information Security Governance, Data Protection and Compliance Requirements

• Data Protection and Privacy (30%) - Facilitate data privacy through transparent data protection policies, procedures and systems. Additionally, the role shall;
• Act as point of contact with any supervisory authorities and internal teams on data processing-related issues
• Identify and evaluate the organization’s data processing activities
• Provide guidance in conducting Data Protection Impact Assessments (DPIAs)
• Inform and advise the organization (data controller/data processor) and employees involved in data processing of their obligations to comply with Data Protection Act and other applicable regulations.
• Monitor Compliance with the Data Protection Act, as well as internal polices related to various data protection activities, including awareness, training, and internal audits
• Co-operate with the Data Commissioner and any other authority on matters relating to data protection.
• Information Security Management System (ISMS) Benchmarking with industry best practice/standards (10%)
• Provide guidance to ICT and drive technology best practices (COBIT, ISO 27001, PCI DSS), while enshrining these with the ICT policies and practices.
• Regulatory Compliance (10%) - Keep up-to-date with regulatory guidelines (e.g. CBK prudential guidelines etc.) affecting information technology and information security, and continuously update the organization’s policies, standards and procedures
• Risk & Audit Management (20%)
• Manage risk management tools and practices within ICT; including Risk Control Self Assessments (RCSA) and ICT risk registers, across the organization.
• Manage and act as the key liaison for all Internal and External ICT and IS audit and risk assessment engagements across the organization.
• Track and report on ICT audit and risk findings, including managing ICT management forums for discussion and reporting of these findings.
• Manage the Information Security Awareness program across the organization and with external stakeholders, including awareness trainings, tools and reporting.
• Risk champion for the ICT department
• Business Continuity Planning (10%)
• Manage the ICT Business Continuity Program across the organization.
• Manage the ICT Business Impact Analysis process and outputs.
• In liaison with the other ICT stakeholders, maintain up-to-date disaster recovery plans and ensure recovery procedures are effective for restoration of key ICT systems and therefore resumption of critical business processes
• Manage Disaster Recovery and backup testing schedules, reporting and remedial actions.
• Regular monitoring and reporting on any significant gaps on ICT business continuity practices, including data replication and backups.

Cybersecurity Assurance Requirements

• System user access management (10%) - maintain a robust program for system user access management.
• Business projects assurance (10%)
• Participate and contribute towards developing and supporting progressive ICT practices (e.g. agile, DevOps)
• Provide ICT security assurance to business projects to ensure that any new products, services, channels and other ICT changes introduced meet the security compliance threshold.

Key Competencies and Skills

Technical Competencies

• Knowledge to develop and manage Information Security strategy and policy frameworks.
• Technical skills to effectively perform IS security management activities/tasks in a manner that consistently achieves established quality standards or benchmarks.
• Knowledge of the Kenya Data Protection Act (2019) and related laws as well as applicable CBK Prudential Guidelines on data protection and privacy.
• Knowledge to develop and manage Business Continuity and Disaster Recovery plans and processes.
• Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or benchmarks.
• Knowledge and application of modern IS security management practices and best practice compliance standards in financial services industry, to proactively define and implement security quality improvements in line with technological and product changes.
• Performance management to optimise personal and team productivity.

Behavioural Competencies:

• Interpersonal skills to effectively communicate with and manage expectations of all team members and other stakeholders who impact performance.
• Self-empowerment to enable the development of open communication, teamwork and trust that are needed to support true performance and a customer-service-oriented culture.
• Demonstrable integrity and ethical practices.

Minimum Qualifications, Knowledge and Experience

Ideal Job Specifications

• Bachelor’s Degree in, Information Systems, Computer Science, Information Security or related field required
• At least 7 years’ experience in IT, Information Security or IT Governance, with 2 years in a managerial role within a highly digitized organization.
• 3+ years’ experience conducting IT compliance assessments or IT governance and assurance/compliance assessments in an organization
• Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management and Business Continuity/Disaster Recovery.
• Knowledge of information security best practice & compliance standards.
• Knowledge and experience in audit management and reporting
• Knowledge of relevant CBK Prudential Guidelines and laws applicable to data protection and privacy.
• Prior experience working within a financial service organization will be an added advantage

go to method of application »

Principle Accountabilities

• Generating Debit and Credit card order files for new/additional cardholder/replacement and renewals.
• Ensure the accuracy and integrity of data related to card operations.
• Tracking of Cards dispatched to branches.
• Handling base card/collateral stock management with Delarue.
• Generating debit and credit adjustments for update to Credit Card Management System.
• Managing credit card limit requests.
• Ensure all credit and debit cards are enrolled for 3D Secure.
• Handle static data changes on Credit Card Management System.
• Handle closure of credit cards.
• Handle change of card statuses.
• Handle of deceased cardholder process.
• Ensure e-statement are sent to credit cardholders on timely basis.
• Identify areas for process optimization to enhance the efficiency of card operations.
• Manage relationships with external vendors that provide card processing services, ensuring they meet SLAs and performance standards.
• Work closely with other departments such as IT and customer service to ensure seamless card operations.

Key Competencies and Skills

General Competencies

• Ensuring accuracy in processing card-related tasks, such as issuing and renewing.
• Handling multiple card related requests, meeting deadlines and efficiency managing the workload to avoid delays.
• Quickly resolving issues related to card delivery problems or system errors affecting card issuance.
• Keen eye for accuracy in processing card related tasks.
• Collaboration and Teamwork.
• Ethics and Integrity.
• Strong Communication skills.

Technical Competencies

• Card Management System (CMS) Proficiency.
• Knowledge of Card Issuance Process, Card Activations, Renewals and Replacements.
• Knowledge of Card Lifecycle Operations.
• Data Entry and Record Keeping.
• Reporting skills on card issuance and status tracking.
• Familiarity with general banking systems and how they integrate with card operations.
• Skills in generating reports to monitor card performance and issuance.

Minimum Qualifications, Knowledge and Experience

Education

• Minimum Bachelor’s degree in business or information technology related field.
• Professional accounting Qualifications i.e. CPA/ACCA.
• Any Banking qualification/ Business related qualification.

Experience

• 2 -3 years Banking Experience with at least 2 years in Card Business.
• Familiarity with the Card Management System.