Cooperative Bank of Kenya is a commercial bank in Kenya, the largest economy in the East African Community. It is licensed by the Central Bank of Kenya, the central bank and national banking regulator.
Here is an exciting opportunity for you to join our ICT Risk & Control team. Are you able to identify and assess threats, put plans in place ‘if things go wrong’ and advise how to avoid, reduce or transfer risks in an IT environment? Co-operative Bank has a perfect career opportunity for you.
Reporting to the Head – ICT Risk & Control, the role holder will provide continuous ICT Project assurance in relation to confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Bank Information Security Policy.
- Be actively involved and provide risk & security guidance during technology projects, systems deployment, upgrades and changes.
- Proactively provide ICT security & risk requirements for incorporation in Business Requirements Documents, Functional Specifications Documents & RFPs of new ICT systems.
- Proactively participate in technical solution design for new systems, ensuring that security requirements are well defined.
- Perform vulnerability assessments & penetration tests on new Bank systems, applications and technology, identifying vulnerabilities and recommendations on closure of these vulnerabilities, prior to new systems go-live.
- Perform a fraud risk assessment on new systems and processes within the project scope and provide recommendations on countermeasures.
- Ensure interfaces for new systems are secured from intrusion, and user activities in new systems are detailed, traceable and logged.
- Pro-actively provide guidance on security tools required to effectively manage and control Bank systems.
- Pro-actively perform risk assessments for ongoing ICT projects and prepare risk reports for new systems & projects in readiness for Change Approval Board meetings.
- Proactively develop and constantly review system Minimum Baseline Security Requirements for new ICT systems & projects.
- Regularly provide recommendations to ICT leadership on areas of improvement towards securing ICT systems.
- Provide information security training & awareness to ICT systems project teams (Systems development teams, project managers, business analysts)
- Maintain ICT risk registers for ICT projects and submit periodical and ad-hoc reports as required by HOD and Chief Risk Officer.
- Ensure strict adherence to all regulations, statutes, standards, practices and all internal processes and procedures as per the relevant manuals and comply with all relevant external legislation and regulations with regard to compliance requirements.
- Bachelor’s degree in Information Technology or related fields.
- 3 years prior experience in information security or systems audit function. Experience in the Banking industry will be a value add.
- Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification. IT security and risk certifications e.g. CISSP, CRISC, CEH, etc. will be an added advantage.
- Experience in system propagated forensic investigations will be an added advantage.
- Good understanding of project management methodology and concepts and a good appreciation of risk, systems security control processes.
- Detailed knowledge of the Bank’s Operating procedures and good knowledge of the Bank’s products and services.
- Understanding of Information Systems architecture and operational practices as well as good grasp of Information Security and control objectives with an appreciation of audit methodologies.
- Experience in performing analytical roles in complex business environments.
- Advanced computer skills including IT skills, word, excel, power point.
- Training in IT infrastructure and operating systems.
- Training in Implementing Information security policies.
Method of Application
Applicants should please forward detailed Curriculum Vitae to firstname.lastname@example.org indicating the job reference number “IRPO/RM/2017” by 20th October, 2017. We are an equal opportunity employer.