Vacancies at NCBA Group

Job Purpose Statement

To evaluate business processes, analyse implemented changes, design, execute, measure, monitor, and control business processes to ensure that process outcomes are in harmony with the organization’s strategic goals. Work collaboratively across all departments of the organization to help improve the management of business processes.

Key Accountabilities (Duties and Responsibilities)

Financial (10%)

• Ensure all processes are prepared, authorized, and monitored for regulatory compliance.
• Identify and optimize key revenue-generating processes.
• Quantify cost savings and return on investment achieved by process improvement.

Internal Business Processes (60%)

• Analyze process data and metrics to identify business process challenges.
• Serve as key custodian of business processes, institutionalizing periodic reviews and version control.
• Facilitate teams to review current processes for effectiveness, quality, and simplification.
• Develop and implement solutions to improve operational efficiency.
• Establish key performance indicators to monitor process performance and address deviations.
• Design process workflows in compliance with regulatory requirements.
• Provide training programs on new processes as needed.
• Monitor and measure benefits of post-implementation to ensure product quality, efficiency, and improvement.
• Identify risks and issues in business processes and systems.
• Lead process assessments, design, and redesign.
• Analyze operating data and statistics to identify opportunities, develop action plans, and implement improvements.
• Prepare and maintain business process reports for management and customers.
• Promote the implementation of best practices.
• Recommend innovative business and technical solutions to improve operational effectiveness.
• Provide project management support to key stakeholders for high-priority business projects.

Customer (20%)

• Build and maintain positive working relationships with all levels of staff; serve as a resource for BPM-related issue resolution.
• Ensure all units within the Bank contribute to delivering efficient processes that meet customer expectations.
• Drive achievement of customer experience metrics through process efficiency initiatives.

Learning and Growth (10%)

• Be self-driven and proactive in skill development.
• Train, guide, and provide leadership and direction to business teams.
• Foster a positive work environment and employee satisfaction.
• Ensure adequacy of personal and staff competence for business process tasks.
• Support employee satisfaction and retention.
• Promote competence development and implementation of change and capability development programs.

Job Specifications

Academic:

• Bachelor’s degree from a recognized accredited university.

Professional:

• Lean Six Sigma certification.
• Business process re-engineering

Desired work experience:

• At least 5 years work experience in a Management position in Banking Operations. Role-holder should have exposure in central and branch banking operations.
• Working knowledge and effective application of all relevant banking policies, processes, procedures, and internal control guidelines to consistently achieve required compliance standards.

go to method of application »

Job Purpose Statement

The Cybersecurity Audit & Risk Lead is a senior position responsible for acting as the main liaison between the Bank and Internal/External Audit, IT Risk, and regulatory bodies on cyber and IT matters. This role oversees the entire audit and assurance process, from scoping and information gathering to closure. Key duties include managing the IT Risk and Control Self-Assessment (RCSA), maintaining a robust Cyber/IT Risk Register with Key Risk Indicators (KRIs), and tracking audit and compliance issues through to remediation. The role also involves providing timely management responses and evidence within the GRC platform, as well as in audit and risk reports and board papers. The position conducts third-party security risk assessments during onboarding and annual reviews and is a permanent member of the DRMC. The role ensures the Bank’s cyber control environment is effective, audit-ready, and aligned with ISO, NIST, CBK requirements, and internal policies.

Key Accountabilities (Duties and Responsibilities)

Audit & Risk Liaison (25%)

• Serve as the primary contact for internal, external, and regulatory IT & Cyber audits.
• Act as the main liaison for all IT risk engagements.
• Collaborate with the Cyber Assurance team to manage reports and trackers for all red/purple team engagements.
• Coordinate walkthroughs, evidence packs, and management responses, ensuring all submissions are made on time.
• Provide clear, timely management responses and evidence within the GRC platform and in audit/risk reports and board papers.
• Maintain the IT Audit Issue Tracker.
• Produce a monthly Assurance Dashboard highlighting open/overdue items, repeat findings, and root causes.

Overall Risk Assessments & Advisory (25%)

• Conduct comprehensive risk assessments within the IT and cybersecurity environment.
• Develop and implement risk mitigation plans with relevant stakeholders.
• Perform threat modeling (e.g., STRIDE) and recommend control designs and compensating measures.
• Monitor and track key risk indicators (KRIs) and key performance indicators (KPIs) related to IT risk.

IT RCSA & Risk Register Ownership (20%)

• Lead the IT & Cyber RCSA cycle, including planning, scoping, control testing, and residual rating.
• Maintain the Cyber/IT Risk Register in the GRC tool, ensuring clear risk statements, causes, impacts, KRIs, treatment plans, and target dates.
• Facilitate the risk acceptance process, ensure approvals within delegation, and report exceptions and trend analysis to management.
• Work closely with the Cybersecurity Assurance team to integrate issues identified during penetration testing and technical assessments into the RCSA, ensuring accurate risk representation and timely remediation.

IT Third-Party Security & Compliance (15%)

• Conduct Third-Party Risk Assessments (TPRA), including risk scoping, due diligence, attestation, evidence review, issue logging, and onboarding recommendations.
• Monitor critical vendors’ SLAs, incident notifications, RTO/RPO commitments, and right-to-audit clauses; schedule annual reassessments and witness tests as needed.

DMRC Cybersecurity Champion (5%)

• Support the Head of Information Security in preparing for DRMC meetings by ensuring management comments and actions are current and of high quality.
• Serve as a permanent member of all DRMC meetings.
• Ensure escalations for critical items and integrate DMRC actions into the GRC workflow.

Reporting, Analytics & Continuous Improvement (10%)

• Maintain metrics such as RCSA completion rate, control effectiveness, audit closure rate, TPRA coverage, and KRIs (e.g., overdue high risks, control test pass rate).
• Drive root-cause analysis of repeat findings, document lessons learned, and propose control or process improvements.

Job Specifications

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field (Master’s preferred)
• At least two of the following certifications: CISSP, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, CGEIT/COBIT, PCI ISA, ISO 31000, CompTIA Security+
• Minimum 5–7 years of experience in IT audit, IT risk management, or related field; hands-on with GRC tools, familiarity with cloud infrastructure, running RCSAs, and audit remediation. Financial services experience preferred. Technical background is an advantage.
• Experience engaging with C-suite is an added advantage

Technical Competencies

• Strong knowledge of ISO 27001/27701, ISO 22301, ISO 27005/31000, NIST CSF/800-53/800-30, PCI DSS, privacy/DPA, CBK guidelines, and cloud/service models
• Strong grasp of risk management, compliance obligations, and ITIL practices
• Familiarity with GRC platforms and data analytics/reporting tools
• Strategic thinking, financial acumen, stakeholder influence, program management, and excellent communication skills

Behavioural Competencies

• High ethical standards and objective judgment
• Excellent communication and stakeholder management skills
• Attention to detail and ability to manage multiple priorities
• Analytical and problem-solving mindset with a pragmatic, solutions-oriented approach
• Highly organized, diplomatic, and able to ensure follow-through on commitments and remediation activities
• Aligns governance with business value and technology trends
• Builds consensus across diverse stakeholder groups
• Uses data-driven insights for decision-making and continuous improvement
• Champions a culture of compliance and innovation