Vacancies at Sidian Bank

JOB PURPOSE

The SOC Analyst will monitor, detect, and respond to cybersecurity threats across Sidian Bank’s infrastructure. Operating under ISO 27001, NIST, and CIS frameworks, they will analyze alerts, escalate incidents, and deliver timely reports—regardless of pressure.

This role demands flexibility to work long shifts, including nights, weekends, and public holidays, ensuring 24/7 coverage and rapid incident containment. Responsibilities include threat hunting, refining detection rules, and coordinating with internal and external teams to strengthen SOC operations.

KEY ACCOUNTABILITIES (DUTIES AND RESPONSIBILITIES)

• Security Monitoring & Incident Response (40%): Continuously monitor Sidian Bank’s infrastructure using SIEM and other tools to detect, analyze, and respond to security incidents in real time. Ensure timely escalation and containment of threats.
• Threat Intelligence & Rule Tuning (20%): Refine detection rules, validate log sources, and integrate threat intelligence feeds to improve alert accuracy and reduce false positives.
• Shift Operations & Coverage (20%): Maintain 24/7 SOC coverage by working long shifts, including nights and weekends. Ensure seamless handovers and accurate documentation of incidents and actions taken.
• Reporting & Collaboration (20%): Generate incident reports and dashboards for internal stakeholders. Collaborate with IT, Risk, and external partners to support investigations and enhance SOC maturity.

Main Activities

• Monitor and analyze security events across Sidian Bank systems to detect potential threats and anomalies in real time.
• Perform initial triage, threat validation, and escalation of incidents based on severity and impact.
• Conduct threat hunting activities to proactively identify indicators of compromise and emerging attack patterns.
• Coordinate incident response efforts, including containment, eradication, and recovery, in collaboration with IT and Risk teams.
• Maintain and tune SIEM detection rules, log sources, and alert thresholds to improve accuracy and reduce false positives.
• Generate timely and actionable incident reports for internal stakeholders, even under tight timelines.
• Work extended shifts, including nights and weekends, to ensure 24/7 SOC coverage and rapid response capability.
• Collaborate with system custodians to ensure remediation of identified risks and vulnerabilities within agreed timelines.
• Research emerging threats, attacker techniques, and defensive technologies to inform SOC strategy and tooling.
• Continuously review and improve SOC processes and playbooks to support agile threat response and operational efficiency.

Technical Competencies

• • Proficient in configuring and managing SIEM platforms for real-time event correlation, alerting, and incident triage across enterprise infrastructure.
  • Skilled in firewall and web application protection technologies, including rule validation, traffic analysis, and threat mitigation.
  • Experienced in endpoint protection and antimalware systems, supporting threat detection, containment, and response workflows.
  • Working knowledge of cloud environments with emphasis on log ingestion, access monitoring, and cloud-native threat detection.
  • Familiar with Agile-aligned SOC operations and DevSecOps toolchains used for incident tracking, automation, and continuous improvement.
  • Strong analytical and reporting capabilities, enabling clear escalation paths and actionable insights for governance and risk teams.
  • Understanding of financial services systems and regulatory expectations, ensuring SOC activities align with compliance and audit requirements.

• Experience in leading SOC shifts or mentoring junior analysts, promoting accountability, knowledge sharing, and operational resilience.

Risk & Compliance:

• Attend training and maintain knowledge of and comply with all bank policies and procedures, including Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, and regulations.
• Participate or undertake Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing bank programs regularly, e.g., taking attestations, self-assessment tests, filling in compliance questionnaires as required.
• Comply and not to knowingly participate or assist in any violation of Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or internal policies, procedure and guidelines.
• Report suspected money laundering cases to their respective heads of units or to the Money Laundering Reporting Officer as soon as such incidents occur immediately with a clear basis of suspicion.  
• Avoid Misrepresentation and Malicious Reporting – knowingly making a false, fictitious or fraudulent representation e.g. statement, report, document.
• Avoid Tipping Off customers being investigated so as not to knowingly prejudice an investigation by disclosing information.
• Not provide advice or other assistance to individuals who attempt to violate or avoid Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or corporate policies.
• Respond to all AML/CFT/CPF queries when requested by Compliance Unit to allow the bank to comply with the requirements of The Anti-Money Laundering and Combating Financing of Terrorism Amendment Act.
• Co – operate fully with regulators and law enforcement agents and make available required documents and information.

DECISION MAKING AUTHORITY

• Operational – Solution Design dependent on CRs/BRDs assigned
• Strategic – Solution structuring to ensure ease of implementing future enhancements

ACADEMIC BACKGROUND

• A Bachelor’s degree in Computer Science, Information Technology, or related field.

WORK EXPERIENCE

• Minimum of 3 years’ working experience in Information Systems Security, including areas such as ethical hacking, vulnerability assessments, ICT audits, and system implementation reviews.
• Minimum of 2 years’ working experience in networking and operating systems, with exposure to both proprietary and open-source platforms. 
• Prior involvement in technical security assessments or audit support functions that enhance incident response and threat validation capabilities. 
• Cross-functional understanding of infrastructure and system-level configurations, contributing to more effective log analysis and root cause investigations.

SKILLS & COMPETENCIES

• Ability to use specialized tools and software to analyze, detect, investigate, and report on vulnerabilities and threats across enterprise environments.
• Knowledge and experience with key IT security products and controls, including event monitoring, data activity monitoring, endpoint protection, firewall management, and patch lifecycle oversight.
• Prior exposure to IT security operations within financial institutions, with an understanding of sector-specific risks and regulatory expectations.
• Keen attention to detail with a time-conscious approach, ensuring accuracy and responsiveness in high-stakes environments.
• Proven ability to perform under pressure in competitive and dynamic operational settings, maintaining composure and effectiveness during incident response and escalation.

PROFESSIONAL CERTIFICATION – ADDED ADVANTAGE

• ITIL Foundation
• Possess at least one security certification such as CEH (Certified Ethical Hacker); SSCP (Systems Security Certified Practitioner); OCSP (Offensive Security Certified Professional); CompTIA Security+

go to method of application »

JOB PURPOSE

Responsible for performing objective, independent, and reliable assessments of the effectiveness of the bank’s risk management activities, its compliance with applicable regulations, and its internal control-environment.  Execution of audit duties in the planning, scheduling, coordinating, reviewing and reporting in line with professional auditing standards and bank audit requirements.

KEY RESPONSIBILTIES 

• Audit Planning 
• Audit Execution / Performance
• Audit Reporting, Monitoring & Follow-up 
• Risk & Compliance

MAIN ACTIVITIES

Audit Planning

• Plan and conduct risk based & compliance audits in line with the work plan. Prepare audit plans for individual assignments as per the work plan allocations. 
• Review and develop audit programs and testing procedures relevant to risk, compliance and audit objectives for audits allocated.
• Monitor and evaluate key processes as identified in the risk assessment during assignment planning.
• Identify internal controls issues for key risk processes during planning to adequately test controls and processes. 

Audit Execution / Performance

• Perform audit procedures to verify the implementation and effectiveness of controls through testing and interacting with the relevant staff.
• Ensure successful completion of assigned/planned audit engagements, from start to finish, inclusive of preplanning, fieldwork and wrap up activities.
• Discuss audit findings and recommendations with the directors and departmental heads; identify and communicate control issues noted, offering practical solutions relevant to business and related risks.
• Use audit project management tools to record and track an audit project progress.
• Prepare of audit files for assignments allocated and ensure proper sign-off & filing of working papers.
• Carry out spot checks on keys areas such as cash count etc.

Audit Reporting, Monitoring & Follow-up 

• Prepare and submit timely, quality audit reports; engage in meetings with management and departmental heads and advise on improvements.
• Constantly monitor if the audit recommendations have been implemented by the management by way of tracking and follow- up audits and report on any gaps observed.
• Develop and maintain productive client and staff relationships.
• Assess, evaluate and advise management on how to achieve statutory/ legal compliance;
• Conduct ad-hoc/ special investigations and reviews as requested by management/ BARC
• Update the Internal Audit Manager on regular basis; on execution and progress on assigned tasks and any arising significant internal control issues
• Undertake any other tasks as assigned by Internal Audit Manager from time to time

Risk & Compliance

• Attend training and maintain knowledge of and comply with all bank policies and procedures including Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules and regulations.
• Participate or undertake Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing bank programs on a regular basis e.g. taking attestations, self-assessment tests, filling in compliance questionnaires as required
• Comply and not to knowingly participate or assist in any violation of Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or internal policies, procedure and guidelines.
• Report suspected money laundering cases to their respective heads of units or to the Money Laundering Reporting Officer as soon as such incidents occur immediately with a clear basis of suspicion   
• Avoid Misrepresentation and Malicious Reporting – knowingly making a false, fictitious or fraudulent representation e.g. statement, report, document.
• Avoid Tipping Off customers being investigated so as not to knowingly prejudice an investigation by disclosing information.
• Not provide advice or other assistance to individuals who attempt to violate or avoid Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or corporate policies.
• Respond to all AML/CFT/CPF queries when requested by Compliance Unit to allow the bank to comply with the requirements of The Anti-Money Laundering and Combating Financing of Terrorism Amendment Act
• Co – operate fully with regulators and law enforcement agents and make available required documents and information

DECISION MAKING AUTHORITY

This position reports to the Internal Audit Manager 

Decisions for this job are restricted audits allocated to the position as per the work plan. 

• Risk classification of an audit observation. i.e. whether High, Medium or Low
• Determine if an audit observation has been satisfactorily closed based on action taken, observation and management comments 

The Internal Auditor makes recommendations to the Manager on actions to be taken. Actions will only be taken upon approval of the recommendations.  

In making the recommendations, the Internal Auditor will be guided by;   

• Bank’s approved policies and standard operating procedures 
• Relevant and applicable Acts such as the Banking Act of Kenya, POCAMLA, etc. 
• Regulation – Prudential guidelines, Risk Management Guidelines 
• Professional standards from ICPAK, IIA 

ACADEMIC BACKGROUND

• Must have an undergraduate or graduate degree in finance or a business management related field. An accounting/finance degree is preferred.

WORK EXPERIENCE

• Must have a minimum of 3 years of experience in auditing or a minimum of 5 years operations experience in a bank

SKILLS & COMPETENCIES

• Strong interpersonal skills 
• Analytical skills
• Team player 
• Report writing and general communication skills
• Ability to frequently travel for long periods and on short notice

PROFESSIONAL CERTIFICATION

• CPA and/or CIA and/or CISA.