IT Risk Officer Job in Kenya

Job Purpose

Reporting to the Head of Risk & Compliance, the IT Risk Officer will be responsible for providing continuous independent risk management oversight on the Bank’s Technology investments and Information Security framework with regard to confidentiality, integrity, and availability of the IT infrastructure, processing systems, and related resources in line with the Bank’s Information Security and Risk Management policy.

Key Responsibilities


  •  Assessing the risks and exposures related to cyber security and determining whether they are aligned to the institution’s risk appetite.
  •  Monitoring current and emerging risks and changes to laws and regulations.
  •  Collaborating with system administrators and others charged with safeguarding the information assets of the institution to ensure appropriate control design.
  •  Maintaining comprehensive cyber risk registers.
  •  Ensuring implementation of the cyber and information risk management strategy.
  •  Safeguarding the confidentiality, integrity and availability of information.
  •  Ensuring that a comprehensive inventory of IT assets is established and maintained.
  •  Quantifying the potential impact by assessing the residual cyber risk and considering risks that need to be addressed through insurance as a way of transferring cyber risk.
  •  Reporting all enterprise risks consistently and comprehensively to the Board to enable the comparison of all risks equally in ensuring that they are prioritized correctly.
  •  Conduct red team exercises (accurate simulation of cyber-crime attacks).
  •  Ethical hacking

Qualifications and Competencies

  •  Possession of a bachelor’s degree in a Computer Science, Information Technology or related field from a recognized university.
  •  Possession of professional qualifications such as CISM, CISA, Security+, CASP, CCNA security or CISSP
  •  Membership to a relevant professional body.
  •  Should have a minimum of five years’ relevant working experience, with two years’ experience in IT Risk or Information Security.
  •  Should have experience and knowledge of best practice IT controls and thorough understanding of regulatory requirements.
  •  Should have experience in ethical hacking, control design, operation and effectiveness testing.
  •  Should have thorough understanding of security practices, the design of secure systems and the operation of security processes and technology. 

How To Apply

Qualified and interested candidates who meet the above requirements should send their application in HARD COPIES quoting the title of the position applied for on the cover letter and envelope, together with a detailed Curriculum Vitae, copies of certificates and the contact information of three referees to:

The Head of Human Resources
Consolidated Bank of Kenya Limited
P.O. Box 51133 – 00200
NAIROBI

All applications should be sent through the above address ONLY, and received no later than 5.00 p.m. on Thursday, 1st August 2024. Only selected candidates will be contacted.