Job Purpose
Reporting to the Head of Risk & Compliance, the
IT Risk Officer will be responsible for providing continuous independent risk
management oversight on the Bank’s Technology investments and Information
Security framework with regard to confidentiality, integrity, and availability
of the IT infrastructure, processing systems, and related resources in line
with the Bank’s Information Security and Risk Management policy.
Key Responsibilities
- Assessing the risks and exposures related to cyber
security and determining whether they are aligned to the institution’s
risk appetite.
- Monitoring current and emerging risks and changes to
laws and regulations.
- Collaborating with system administrators and others
charged with safeguarding the information assets of the institution to
ensure appropriate control design.
- Maintaining comprehensive cyber risk registers.
- Ensuring implementation of the cyber and information
risk management strategy.
- Safeguarding the confidentiality, integrity and
availability of information.
- Ensuring that a comprehensive inventory of IT assets is
established and maintained.
- Quantifying the potential impact by assessing the
residual cyber risk and considering risks that need to be addressed
through insurance as a way of transferring cyber risk.
- Reporting all enterprise risks consistently and
comprehensively to the Board to enable the comparison of all risks equally
in ensuring that they are prioritized correctly.
- Conduct red team exercises (accurate simulation of
cyber-crime attacks).
- Ethical hacking
Qualifications and Competencies
- Possession of a bachelor’s degree in a Computer Science,
Information Technology or related field from a recognized university.
- Possession of professional qualifications such as CISM,
CISA, Security+, CASP, CCNA security or CISSP
- Membership to a relevant professional body.
- Should have a minimum of five years’ relevant working
experience, with two years’ experience in IT Risk or Information Security.
- Should have experience and knowledge of best practice IT
controls and thorough understanding of regulatory requirements.
- Should have experience in ethical hacking, control
design, operation and effectiveness testing.
- Should have thorough understanding of security
practices, the design of secure systems and the operation of security
processes and technology.
How To Apply
Qualified and interested candidates who meet the
above requirements should send their application in HARD COPIES quoting
the title of the position applied for on the cover letter and envelope,
together with a detailed Curriculum Vitae, copies of certificates and the
contact information of three referees to:
The Head of Human Resources
Consolidated Bank of Kenya Limited
P.O. Box 51133 – 00200
NAIROBI
All applications should be sent through the above
address ONLY, and received no later than 5.00 p.m. on Thursday, 1st
August 2024. Only selected candidates will be contacted.