Head Group Cybersecurity at KCB Bank Kenya
JobWebKenya
Accounting, Auditing & Finance
Job Description
Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, . The holding company oversees KCB Kenya – incorporated with effect from January 1, – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation and all associate companies. The holding company was set up to, among other things, enhance the Group’s capacity to access unrestricted capital, enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities, and enhance corporate governance across the Group and oversight in the management of subsidiaries.
Key Responsibilities
- Establishing and maintaining KCB Group’s cybersecurity vision, strategy, and program to ensure information assets and technologies are adequately protected and defended.
- Developing and enforcing cybersecurity policies, standards, and procedures to ensure proper operations and maintenance of Technology assets.
- Ensuring the properties of security, authenticity, accountability, non-repudiation and reliability of information and information processing systems are preserved.
- Promoting user awareness of good cybersecurity practices, current threats, and the Group’s cybersecurity policies & procedures among all Group employees, vendors, and customers.
- Incident Handler in the Group’s Cybersecurity Incident Response and Recovery Team (CIRRT).
- Identifying and assessing ICT risks in conjunction with other departments in Technology Division, Group control functions and lines of business to determine their materiality.
- Implementing appropriate transparency/escalation of all significant ICT risks as appropriate through regular reports to executive management, and priority notifications to ensure minimum exposure to ICT risk.
- Ensuring appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues and tracking these actions to completion.
- Providing guidance within Technology Division on topics related to ICT risk management such as achieving compliance with internal policies, regulatory requirements, and international standards in order to remain within the risk appetite of KCB Group.
- Implementing technical controls in support of the Group Data Privacy programs.

The Person
For the above position, the successful applicant should have the following:
- BSc. Information Technology / Computer Science / Telecommunications / Engineering or related field.
- At least one certification from the list below:
  - CISSP: Certified Information Systems Security Professional.
  - CISA: Certified Information Systems Auditor.
  - CISM: Certified Information Security Manager.
  - CCISO: Certified Chief Information Security Officer.
- 10 years progressive working experience with at least 8 years’ experience in:
  - Information Security Management
  - Governance, Risk Management and Compliance
  - Security Architecture and Engineering
  - Security Program Management and Operations.
- Experience in Communication and Network Security, Identity and Access Management, Software Development, Security Assessment and Testing.