Job Openings at National Bank of Kenya - 2 Positions

Job Ref No. HR/034/2018

Division: ICT

Reporting to: Director- ICT

Position Scope:

Reporting to the Director ICT, the successful candidate will be responsible for driving the implementation of Information Systems Security Strategy whilst protecting the Bank from security/cyber threats. He/She will be expected to provide continuous independent assurance on the Bank’s information systems security, specifically on integrity, confidentiality and availability of information by ensuring appropriate security controls are in place to protect the Bank’s assets from information security related risks while at the same time managing compliance with the Bank’s information security policy and regulatory standards.

Key Responsibilities:

• Take part in developing and enforcing IT Security policies, standards and procedures to ensure proper operations and maintenance of the IT assets
• Managing the daily operation and implementation of the IT security strategy
• Performing IT security risk assessments and reporting on ways to minimize threats and identifying areas for improvement
• Audit and monitoring of internal and external information security infrastructure, including but not limited to Firewalls, Proxy Servers, Anti-Virus, E- mail security applications, Intrusion Detection Software
• Devising strategies and implementing IT solutions to minimize the risk of cyber-attacks
• Monitoring security vulnerabilities and hacking threats in the Bank network and host systems
• Tracking latest IT security innovations and keeping abreast of latest cyber security technologies
• Communicating with key stakeholders about IT security threats
• Implementing an effective process for the reporting of security incidents
• Overseeing the investigation of reported security breaches
• Developing strategies to handle security incidents and trigger investigations
• Developing and implementing business continuity plans to ensure service is continuous when a change programme is introduced or a security breach occurs or in the event that the disaster recovery plan needs to be triggered
• Take part in IT change projects and advise on how to build new IT capabilities
• Delivering new security technology approaches and implementing next generation solutions
• Overseeing the management of the IT security department, giving leadership to the team and developing staff
• Ensuring the Bank complies with all existing policies/regulations and compliance requirements
• Championing and educating all internal stakeholders about the latest security strategies and technologies
• Protecting the intellectual property of the Bank at all times
• Advising the Director ICT and the senior management team on IT security

Education Qualifications, Skills & Experience

• Bachelor’s Degree in Computer Science, Information Systems, Information Security or related field from a recognised University.
• Must possess professional qualifications such as CISA, CCNA, MCSE, CISM and Ethical Hacking.
• At least eight (8) years’ working experience in IT of which five (5) years should have been in administering IT security controls in an organization – preferably financial institution at management level.
• Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
• Experience with IPS/IDS and SIEM technology.
• Experience in leading and managing teams.
• Excellent communication skills
• Analytical mind capable of managing numerous information sources and providing data analysis reports to senior management.

go to method of application »

Job Ref No.HR/004/2018

Division: Risk

Reporting to: Head of Security & Investigations

Position scope:

Reporting to the Head of Security & Investigations, the successful candidate will be responsible for examining and investigating Digital and Electronic frauds affecting the Bank whilst delivering evidence as and when required in a court of law. The individual should have the ability to retrieve information from computers and other types of data storage devices whether in working condition or damaged either externally or internally corrupted by hacking or viruses.

Key Responsibilities:

• Conduct fraud examinations touching on digital media to identify and document relevant findings.
• Investigate cases of fraud perpetrated through electronic channels or devices and produce reports using defined forensic policy, practices, and procedures.
• Acquire, collect, document, and preserve evidence from various forms of electronic media and equipment in accordance with Bank’s policy, and the law.
• Testify in examination process, chain of custody and findings.
• Work closely with business in identifying risks for products that use digital platforms and offer relevant advice as may be required.
• Assist in conducting fraud analysis and providing management information for decision making.
• Identify forensic requirements, research, test, analyse, and recommend solutions for management approval.
• Conduct fraud risk assessment on IT infrastructure and applications and recommend requisite corrective action.
• Recover and examine data from computers and other electronic storage devices in order to detect any fraudulent activities and prepare evidence for use during internal disciplinary process and or criminal prosecutions.
• Prepare technical reports detailing how the computer evidence was discovered and all the steps taken during the retrieval process.
• Research and keep abreast with the new forensic methodologies and technology and also train colleagues and staff on proper procedures with regard to computer evidence.
• Assist with the seizure of computer-related evidence, preparation of search warrants, and the preparation of investigative information for court and or disciplinary purposes.
• Conduct vulnerability assessments on computer hardware, software, and network systems for all key Bank systems.
• Offer Technical advice and support to Head of Security & Investigations, Chief Risk Officer and the relevant law enforcement agencies on computer crime and digital forensic analysis
• Prioritization and project management of fraud/forensic investigations by establishing risk based plans and effectively implementing them.
• Make value adding recommendations to address areas of vulnerability to fraud.
• Ensure that significant offences of theft, fraud & dishonesty against the bank are investigated and reported in a consistent manner.
• Serve as a technical consultant to the Bank on computer crime and digital forensic analysis

Education Qualification, Skills & Experience

• Bachelor's Degree in Information Technology or Computer Science.
• Professional Certification in any of the following field is a MUST, Certified Forensic Computer Examiner (CFCE), CISM, CISA, certified Ethical Hacker (CEH), CFE.
• A good knowledge of Information Security & Systems Audit.
• Minimum of 5 years’ experience in a Bank’s Forensic Department.
• Knowledge/experience in internal audit and law enforcement processes.
• Proficient technical experience in troubleshooting personal computers.
• A good understanding of file system types and hard disk drive structures.
• An understanding of data collection and preservation principles.
• Ability to conduct data mining, data analysis and reporting.
• An understanding of networking concepts and systems.
• Good understanding of security appliances including but not limited to IDS, IPS, Firewall, and SIEM systems.
• Proficient written and oral communication skills.
• Ability to describe complex technical concepts and ideas in non-technical terms.
• Knowledge of Windows, Apple, and Linux based computer technologies.