Job Title: IT Risk Officer
Hiring Organization: Consolidated
Bank
Location – Locality: Nairobi
Location – Region: Kenya
Industry: Banking
Job Type: Full
Time
Salary: KES
Date Posted: 07/19/2024
Consolidated Bank of Kenya Limited was incorporated
on 7th December, 1989 . This was in an effort to stabilize the financial sector
through the acquisition of nine insolvent institutions and thereafter
restructuring them into a viable, professionally run commercial bank. The Bank
enjoys an independent, dynamic, result oriented culture and a flexible and
innovative approach. We understand the markets in which our clients operate and
offer a service built on personalized and specialized banking solutions. We offer
one of the widest range of banking products and services in the market today.
We realize that a growing business demands a lot of time and energy. We
understand these challenges and continuously develop flexible, innovative and
convenient financial solutions to help our customers achieve personal and
business success. With years of banking experience and special focus on SMEs,
we are in a strong position to help growing businesses unlock their potential
and sail through the complexities they may face. The bank is fully owned by the
Government with the majority shareholding in the bank (78%) held by The
National Treasury. The remaining shareholding is spread over twenty-five (25)
parastatals and other quasi government organizations.
Job Purpose
Reporting to the Head of Risk & Compliance, the
IT Risk Officer will be responsible for providing continuous independent risk
management oversight on the Bank’s Technology investments and Information
Security framework with regard to confidentiality, integrity, and availability
of the IT infrastructure, processing systems, and related resources in line
with the Bank’s Information Security and Risk Management policy.
Key Responsibilities
- Assessing the risks and exposures related to
cyber security and determining whether they are aligned to the
institution’s risk appetite.
- Monitoring current and emerging risks and
changes to laws and regulations.
- Collaborating with system administrators and
others charged with safeguarding the information assets of the institution
to ensure appropriate control design.
- Maintaining comprehensive cyber risk registers.
- Ensuring implementation of the cyber and
information risk management strategy.
- Safeguarding the confidentiality, integrity and
availability of information.
- Ensuring that a comprehensive inventory of IT
assets is established and maintained.
- Quantifying the potential impact by assessing
the residual cyber risk and considering risks that need to be addressed
through insurance as a way of transferring cyber risk.
- Reporting all enterprise risks consistently and
comprehensively to the Board to enable the comparison of all risks equally
in ensuring that they are prioritized correctly.
- Conduct red team exercises (accurate simulation
of cyber-crime attacks).
- Ethical hacking
Qualifications and Competencies
- Possession of a bachelor’s degree in a Computer
Science, Information Technology or related field from a recognized
university.
- Possession of professional qualifications such
as CISM, CISA, Security+, CASP, CCNA security or CISSP
- Membership to a relevant professional body.
- Should have a minimum of five years’ relevant
working experience, with two years’ experience in IT Risk or Information
Security.
- Should have experience and knowledge of best
practice IT controls and thorough understanding of regulatory
requirements.
- Should have experience in ethical hacking,
control design, operation and effectiveness testing.
- Should have thorough understanding of security
practices, the design of secure systems and the operation of security
processes and technology.
How To Apply
Qualified and interested candidates who meet the
above requirements should send their application in HARD COPIES quoting the
title of the position applied for on the cover letter and envelope, together
with a detailed Curriculum Vitae, copies of certificates and the contact
information of three referees to:
The Head of Human Resources
Consolidated Bank of
Kenya Limited
P.O. Box 51133 – 00200
NAIROBI
All applications should be sent through the above
address ONLY, and received no later than 5.00 p.m. on Thursday, 1st August
2024. Only selected candidates will be contacted.
