Head of I.T. Risk & Security
Job Ref: I.T. 03/2010
Reporting to the Divisional Director IT, the position is responsible for assuring the required level of security, business continuity and risk management according to the security policies and standards of an enterprise.
It is also expected to bring the organization’s information security risks under explicit management control through the Information Security Management System.
Key Responsibilities
The major responsibilities of this position will be:
- Accountable for the security of the core banking system (i.e. T24 security management and administration).
- Coordinating, developing and enforcing IT policies, standards and procedures.
- Identifying risks via: analysis of monthly metrics and other indicators; review of IT certification reports, security assessments, requests for policy/standard exceptions and health check results; responding to escalations and queries; regular discussions with the departments; and other means that may be available.
- Assessing identified risks in conjunction with IT and the business to determine the impact/materiality in terms of financial loss/cost, reputation and/or regulatory risk and the likelihood and potential frequency of such risk occurring.
- Ensuring appropriate transparency/escalation of all significant risks as appropriate in the weekly and monthly reports, and priority notifications.
- Ensuring appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues, and tracking these actions to completion.
- Coordinating with internal and external auditors to ensure timely and responsive audits, appropriate findings, and appropriate management responses and action plans.
- Coordinating with Operational Risk Control to ensure transparency of risks, appropriate measures in place to mitigate risks to within the Business risk appetite, and a positive and open working relationship.
- Providing guidance within the departments on topics related to ICT risk management, such as achieving compliance with standards and policies and staying within the risk appetite of KCB.
- Developing and implementing an incident monitoring, reporting and response system to address the bank's security incidents/breaches and respond to alleged policy violations or external parties.
- Participation in the implementation of the Group Data Protection and Data Confidentiality programs.
- Implementing and establishing a process for safeguarding authentication devices against interference, loss and theft.
- Establishing and maintaining procedures for maintaining and safeguarding cryptographic keys.
- Responsible for security-related tests (e.g. vulnerability, penetration testing).
- Responsible for the Business Continuity Management for IT tests and systems.
- Responsible for driving and developing Business Impact Analysis and Risk Control Self Assessment reports.
- Assessing and approving the IT Recovery Plans and Bank Business Continuity Plans in as far as IT systems are concerned.
The Person
For the above position, the successful applicants should have:
- A Bachelor of Science in Computing or related degree from a recognised university.
- Must possess at least one internationally recognizable IT security certification such as CISM, CISSP or CISA.
- A minimum of 5 years' experience in Information Technology, 3 of which must be in Senior IT Security Management, with hands-on experience in:
  - T24 security management
  - Software and security architectures
  - IPS and vulnerability testing tools
  - Active Directory management
  - IT security on operating systems and databases (UNIX, Microsoft, Oracle, SQL)
- Wide knowledge of web security architecture.
- Knowledge of and skills in encryption and VPN.
- Knowledge of web programming languages (ASP, .NET, JavaScript, etc.) will be an added advantage.
- Ability to work conscientiously and independently with minimal supervision. This calls for a person of high integrity and motivation, willing to work long and odd hours and to travel out of station.
- Be a team player with the ability to network with other staff to obtain a high standard of performance.
The above position is a demanding role, for which the bank will provide a competitive package to the successful candidates.
To Apply:
If you believe you can clearly demonstrate your abilities to meet the criteria given above, please submit your application with a detailed CV, stating your current position, remuneration level, e-mail and telephone contacts quoting the respective job title or job ref in the subject field to recruitment@kcb.co.ke.
To be considered, your application must be received by 24th September 2010.
Only shortlisted candidates will be contacted.