Vacancies at KCB Bank

The Position: 

The Information Security Specialist, Data Protection and Privacy is responsible for maintaining the integrity and confidentiality of the organization’s data while in use, in motion and in situ, in the Group’s information systems by implementing, maintaining, and monitoring effective data security controls and policies. The holder is also responsible for the deployment, testing and maintenance of data loss prevention systems, information protection security systems, and enforcement of database security controls.

Key Responsibilities:

• Recommend, implement, administer, optimize, and support appropriate tools and solutions offering data loss prevention, and information protection in compliance with the Bank’s policies and standards.
• Continuously review, enforce, and report on database and data store security controls that cover the major database management systems such as Oracle, Microsoft SQL Server, MySQL, PostgreSQL.
• Collaborate with the Cybersecurity Intelligence and Security Operations Centre (CiSOC) in the continuous monitoring and defence of the Bank’s data, information and databases from data leakage, intrusions, unauthorized access, unauthorized modification as well as assist to detect, report, and respond to data security violations/incidents.
• Develop Data and Database Security Technical Guidelines and Minimum Configuration Baseline Standards in line with industry best practices and technologies commensurate with risk and regulatory requirements and implementing the same cost effectively.
• Implement and enforce technical security controls to achieve data protection objectives set out by the organization and regulatory requirements such as the Kenya Data Protection Act, and CBK Guideline for Cybersecurity
• Define, create, and deliver compliance reports and relevant metrics in Data Security & Privacy to senior management, including violations, utilizing automation as deemed fit.
• Provide data security and privacy related support to projects from inception through to successful implementation in a bid to ensure that data security and overall information protection measures are built in from project inception.
• Conduct continuous data security reviews and data discovery assessments to determine any data security violations as well as efficacy of implemented countermeasures.
• Provide input into Information Security risk and control self-assessments by leveraging specialized knowledge in data security, databases, privacy, and information protection.
• Research on and provide technical data security and privacy expertise in the Group Information Security department, conduct data security awareness and user training sessions across the group.

The Person:

For the above position, the successful applicant should have the following:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering (Electrical/ Electronic) or related field.
• Professional qualifications in any one of the following:
• Information Security Certification in CISA/ CISM/CISSP/ Security +.
• Oracle Database certifications in OCP/ Oracle Database Security/ Microsoft Database certifications e.g. MCDBA.
• Data security and/ or privacy certifications in either Certified Data Privacy Solutions Engineer/ Certified Information Privacy Professional.
• 5 years Technology experience with at least 2 years in Cybersecurity.
• 1 years’ experience in Database Administration/ Data/ Data Security.
• Experience in administering data/ information protection and privacy solutions will be desired.
• Strong interpersonal and communication skills.

go to method of application »

The Position:

The Cybersecurity Analyst, DevSecOps is responsible for undertaking security assurance of applications and developments before release to production, conduct periodic security reviews, and will be a contact person in Information Security for assigned agile scrum teams. The analyst ensures that security requirements are well captured and embedded in the secure SDLC for all system developments and deployments, secure coding practices are adhered to, and secure software and application configurations are maintained in the system’s lifetime. 

Key Responsibilities:

• Represent Group Information Security in assigned implementation projects and scrum teams to ensure all applications and changes meet set information security requirements before introduction to production environments.
• Contribute to the definition, documentation, and implementation of software security policies, secure coding practices and guidelines for the bank in line with industry best practices and technologies commensurate with risk and regulatory requirements.
• Consistently provide security requirements to developers and third parties to adhere to and comprehensively implement the Bank’s software security assurance framework by carrying out security and risk assessments of application and software changes.
• Collaborate with Enterprise Architecture and Business Application Development teams to identify application/software security improvements and plug-in identified security controls in DevSecOps tools.
• Contribute to formulation and conducting of regular trainings on secure coding, software security and application security practices for the development and other KCB technology teams at regular intervals.
• Contribute to the identification, integration, and maintenance of application security tools, such as SAST (Static Application Security Testing) and DAST tools (Static/Dynamic Application Security Testing), standards, and processes into the software development or product life cycle (SDLC / PLC), and CI/CD pipelines.
• Perform security and risk assessments for business solutions to identify inherent security risks and provide recommendations for addressing such risks.
• Create, and deliver software/application security compliance and testing reports and relevant metrics to the Bank’s Senior Management.
• Collaborate in the continuous monitoring and defence of the Bank’s critical applications, such as core banking, and digital channels, for cybersecurity threat indicators; report on violations and security measures taken to address threats.
• Protect the bank’s applications and systems by defining and reviewing access privileges and other security control structures.

The Person:

For the above position, the successful applicant should have the following:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering (Electrical/ Electronic) or related field.
• Professional qualifications in any one of the following:
• Information Security certification in CISA/ CISSP/Security+.
• Information Security Testing and DevSecOps certification in either CDP (Certified DevSecOps Professional)/ CSSLP (Certified Secure Software Lifecycle Professional)/CEH, OSCP/ CPT/ GPEN/ GWAPT.
• 3 years Technology experience with at least 1 year experience in:
• Information Security.
• Secure SDLC and DevSecOps.
• Testing or implementing web, API, containerisation, or mobile application security best practices (such as OWASP, NIST).
• Experience in working with CI/CD tools, financial and capital markets desired.
• Strong interpersonal and communication skills.

go to method of application »

The Position:

Technology Service Delivery is responsible for managing the delivery, performance, supply chain of services and enterprise applications to provide the required level of service, system performance and functionality required to meet business objectives and customer(internal/external) expectations.

The ITIL processes manager shall be responsible for the operational management of ITIL Processes implementation including planning and coordination of all activities required to carry out, monitor and report on the ITIL processes. The individual shall also be responsible for the IT service Management tool and shall ensure that service levels are achieved in line with SLAs. He/She shall also be responsible for coordinating day to day operations of the monitoring team.

Key Responsibilities:

• Be accountable for implementation and adoption of ITIL processes within the organization.
• Coordinate enhancement s and ensure the accessibility of the ITSM tool within the organization.
• Ensure Proper I.T service delivery through T Incident Management, Service request management and event management.
• Plan and coordinate new deployments which include support processes and documentation.
• Manage day to day Service Level Management needs for IT working closely with project managers, head office SLA liaisons and branch clients to ensure service levels are met and exceeded.
• Manage the framework for describing services in an IT Service Catalogue, ensure the service catalogue is updated as services are created, maintain up to date service tiering.
• Coordinate the Monitoring and incident management team and come up with Intelligent reports and trends for Management.
• Continually review and design improvement to processes, services, and infrastructure to increase efficiency, effectiveness, and cost optimization.
• Identify areas of automation in System and Service monitoring.

The Person:

For the above position, the successful applicant should have the following:

• Bachelor’s degree in Information Technology, Computer Science, or any other Technology related field.
• Professional qualifications in ITIL.
• 4 years’ experience in the Design & Formulation of ITIL processes & procedures.
• 3 years’ experience in Client Support, Incident & Event Management, Reporting & Analytics.
• Excellent interpersonal & communication skills.
• Excellent planning, organization, problem solving & analytical skills.
• Ability to motivate others, promote team spirit and employee value.
• Excellent reporting skills.
• Ability to work under pressure & within tight deadlines.

go to method of application »

The Position: 

Technology Infrastructure department oversees planning, deployment and operation of state-of-the-art infrastructure services that include server, storage, network, databases, and cloud that support mission critical services for the Bank.

The role holder will act as the leader a team of engineers responsible for planning, implementation, and operations of KCBs systems infrastructure. The environment is composed of diverse and mission critical systems running in virtualized and non-virtualized infrastructure, SAN storage and backup & recovery infrastructure.

Key Responsibilities:

• Lead a team of Systems Engineers maintaining KCB systems infrastructure that includes Storage, Storage Area Network, Servers, Virtualization and Backup.
• Provide leadership in designing, building, and scaling production services and servers across multiple data centers for complex and data-intensive services.
• Responsible for ensuring dimensioning of systems is done periodically based on demand and projected growth.
• Responsible for proactive infrastructure provision to meet required business needs without impact on time to market.
• Implement technically strategic solutions for Server and Storage solutions to meet the Bank’s business needs for today and in the future.
• Responsible for systems infrastructure capacity management and working all relevant stakeholders to ensure the capacity management processes are always implemented and adhered to.
• Conduct contingency planning for potential IT hardware unavailability to ensure business continuity.
• Develop and maintain systems infrastructure documentation and action plans including policies and procedures, disaster recovery plans, user guides and best practices that relate to systems platforms in the bank.
• Implement best practice security measures to ensure the integrity and continuity of systems and continuously monitors security compliance.
• Establish and manage SLAs with all stakeholders to ensure High availability of Mission Critical Servers thus ensuring resilience and continuity planning.
• Establish effective relationship with suppliers and partners to influence their plans and maximize value delivery from the relationship for all systems infrastructure services.

The Person:

For the above position, the successful applicant should have the following:

• 10 years’ progressive experience in Information Technology with at least 5 years’ experience in infrastructure planning and/or support in an environment with extensive infrastructure deployment with Windows and Linux environment.
• Certification in either VMware (VCP), RedHat (RHCSA/RHCE) or Storage.
• Experience with Automation and Configuration Management with preference for Ansible.
• Cloud certifications with Azure (Administrator/ Solutions Architect) and AWS (SysOps/Solution Architect) will be an added advantage.
• Experience with Container/PaaS orchestration/management platforms such as Kubernetes, OpenShift will be an added advantage.

go to method of application »

The Position:

The role holder will be responsible for the Enterprise Architecture (IT Solution, Technical, systems, business & information architecture) of IT systems used by or to be procured by the Bank. He/ She will ensure that all IT Systems are aligned to the Enterprise Architecture Framework, Bank policy and best practice. He/ She will be will also be responsible for IT Governance which reviews all IT systems used by or to be procured to ensure they are aligned to the Bank and IT strategy, plans, policies, and standards.

In addition, the role holder will be responsible for eliciting, analyzing, validating, specifying, verifying, and managing the business needs of the business stakeholders, including customers and end users.

The Business Analyst works closely with business units, subject matter experts and technical resources to identify and document in detail the business needs.

Key Responsibilities:

• Lead requirements analysis, validation, and verification, ensuring that requirement statements are complete, consistent, concise, comprehensible, traceable, feasible, unambiguous, and verifiable; and transfer the same knowledge to the development team.
• Documentation of business requirements and processes for all business initiatives and projects.
• Provide an analysis to determine best path for solving business problems/opportunities that may include process improvement viz a viz information technology systems enhancement.
• Develop high level solution designs while ensuring requirements are in alignment with business strategies and business architecture roadmap/framework.
• Responsible for the requirements management in the scrum teams.
• Elicit requirements using interviews, document analysis, surveys, site visits, business process descriptions, use cases, scenarios, business analysis, competitive product analysis, task and workflow analysis, and/or requirements workshops.
• Participation in the business initiatives prioritization stage.
• Participate and guide on functional tests planning and execution.
• Participate in the IT quality assurance process.
• Ability to communicate (verbal and written) with business units that rely on that information to define system requirements or organizational processes.
• Manage requirements traceability information and track requirements. 
• Review the current deployment approach and evaluate / propose / expose opportunities for enhancing the deployment model for new and existing solutions.

The Person:

For the above position, the successful applicant should have the following:

• Bachelor's degree in Information Technology, Business, or a related field of study from a recognized institution.
• Certification in Project Management or ITIL Foundation.
• 3 years’ experience in IT Systems with at least 2 years’ experience in IT Projects, Banking Operations, Change Management, Emerging Technologies (channels, mobile and internet banking).
• Excellent interpersonal skills, including teamwork, facilitation, and negotiation skills.
• Excellent planning and organizational skills.