Cybersecurity Analyst (Business Analyst 1), Policy Division - Bank Supervision Department
Central Bank of Kenya
2 days ago
Job descriptions & requirements
ABOUT THE COMPANY
The Central Bank of Kenya was established in 1966 through an Act of Parliament - the Central Bank of Kenya Act of 1966. The establishment of the Bank was a direct result of the desire among the three East African states to have independent monetary and financial policies. This led to the collapse of the East Africa Currency Board (EACB) in the mid-1960s.
Following the promulgation of the new constitution on August 27th, 2010, the Central Bank of Kenya (CBK) is now established under Article 231 of the Constitution, 2010. Under this Article the Central Bank has the responsibility of formulating monetary policy, promoting price stability, issuing currency and performing any other functions conferred on it by an Act of Parliament.
The Constitution guides that “the Central Bank shall not be under the direction or control of any person or authority in the exercise of its powers or performance of its functions”.
JOB SUMMARY
Qualifications
1. Bachelor’s Degree in Computer Science, Computing and Information Systems, Network Engineering or other IT/security/network-related degrees.
2. Certified Ethical Hacker (CEH), Licensed Penetration Tester (LPT), Offensive Security Certified Professional (OSCP), Cisco Certified Internetwork Expert (CCIE) Security, CSX Practitioner or related penetration testing certification with IT audit experience preferred.
3. Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) or related discipline.
4. Active membership in at least one (1) relevant professional body.
Work Experience
At least two (2) years of post-qualification experience in Information Systems Audit or Cybersecurity review, vulnerability assessments and penetration tests and any other relevant area.
RESPONSIBILITIES
Strategic Responsibilities
1. Contributes as appropriate to the overall achievement of the Central Bank’s strategic objectives.
Technical and Operational Responsibilities
2. Conduct comprehensive onsite surveillance of licensed Financial Institutions to ensure compliance with the relevant laws, regulations and guidelines. This will include normal inspection engagement activities, including examining the adequacy of IT risk management practices of a Financial Institution in support of the accuracy and reliability of Financial Statements.
3. Conduct Vulnerability Assessment and Penetration Tests (VAPTs) to evaluate the security of a Financial Institution’s IT systems, network and applications.
4. Document the results of inspection engagements in accordance with the Department’s guidelines using the Audit Management software, e.g. TeamMate.
5. Conduct Cybersecurity risk assessments of licensed Financial Institutions, covering internal, external and third-party Cyber risks. This includes risks associated with partnerships with Financial Technology (Fintech) companies on the introduction of new products and services.
6. Review Cybersecurity policies and procedures instituted by licensed Financial Institutions to ensure alignment with Prudential, Risk Management Guidelines and Best Practices.
7. Review licensed institutions’ annual reports on Cybersecurity audits and vulnerability assessments and follow up on the resolution of highlighted recommendations.
8. Analyse reported Cybersecurity incidents and prepare periodic reports.
9. Follow up with the supervised Financial Institutions on Cyber incident response and recovery activities for business continuity.
10. Coordinate with other CBK departments, including Cyber Fusion Unit (CFU), Banking and Payment Services (BPS) and/or Information Technology Department (ITD) as required, to ensure that optimal guidance and response activities are undertaken by the affected institutions.
11. Monitor reported incidents to identify attack trends and determine suitable mitigation strategies.
12. Perform other additional tasks that the team will be involved in, including the preparation of various internal and external documents, e.g. memos, reports, and correspondence letters.
13. Any other responsibility as may be assigned by the Line Manager.
REQUIRED SKILLS
Consumer protection act, Cyber security, HSE (Health, Safety and Environment), Data protection act (GDPR, etc.)
REQUIRED EDUCATION
Bachelor's degree