Our history dates back to 1986 when we were incorporated under the brand name, Credit Kenya Limited and commenced operations the same year as a financial institution. Later in 1995, we upgraded to a fully-fledged commercial bank and changed our brand name to Credit Bank Limited (CBL). The Bank currently has sixteen branches dotted across the country. In Nairobi, we have five branches in City Centre – Koinange Street (opened in 1995), Westlands – Empress Office Suites (2010), Industrial Area branch – Butere Road (2010), Lavington – Lavington Mall (2014) and Ngong Road – Silkwood Office Suites (2016). Our upcountry branches are in Kisumu – Swan Centre (1998), Nakuru – Giddo Plaza (2001), Kisii – Hospital Road (2004), Nakuru – Kenyatta Avenue branch (2012), Eldoret – Zion Mall (2013), Ongata Rongai – Maasai Mall (2013), Mombasa – Nyali Center (2013), Machakos – MboluMalu Road (2014), Thika – Biashara Plaza (2014), Kitengela – Safari House (2014), and Meru Town – Stemuki Building (2016) The Bank is committed to deliver cost effective innovative financial service solutions. The Bank works in partnership with all customers to help them realize their personal and business dreams as well as creating tangible value giving them an unforgettable experience. Credit Bank has a long and deep heritage, giving it tremendous potential to exploit economic and financial opportunities while effectively managing any business threats with the aim of achieve its strategic goals. The Bank has a strategic focus to be an institution of choice offering financial solutions driven by efficiency, innovation and technology.
Reports To: Chief Manager Risk And Compliance
Division: Head Office
Protecting Something Valuable
Job Purpose
Responsible for providing continuous independent assurance on the bank’s Information Security as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Information Security Policy.
Key Responsibilities
- Overseeing and implementing the bank’s cybersecurity program and enforcing the
- cybersecurity policy.
- Ensuring that the bank maintains a current enterprise-wide knowledge base of its users, devices, applications, and their relationships, including but not limited to:
- Software and hardware asset inventory,
- Network maps (including boundaries, traffic and data flow)
- Network utilization and performance data.
- Ensuring that information systems meet the needs of the Bank and the ICT strategy, in particular information system development strategies, comply with the overall business strategies, risk appetite and ICT risk management policies of the bank.
- Design cybersecurity controls with the consideration of users at all levels of the bank, including internal and external users.
- Ensure an updated risk register is in place in order to keep abreast of the latest risks facing information technology and ways to mitigate them.
- Organizing professional cyber related trainings to improve technical proficiency of staff members.
- Supervise the design and execution of a comprehensive cyber risk assessments, vulnerability assessments, penetration tests and security audits are conducted.
- Ensuring that adequate processes are in place for monitoring IT systems to detect
- cybersecurity events and incidents in a timely manner.
- Reporting to the Head of Risk & Compliance on an agreed intervals on detailed exceptions to the approved cybersecurity policies and procedures, assessment of the effectiveness of the approved cybersecurity programs, all material cybersecurity events that affects the bank during the period and assessment of the confidentiality, integrity and availability of the information systems in the bank.
- Ensuring timely update of the incident response mechanism and Business Continuity
- Plan (BCP) based on the latest cyber threat intelligence gathered.
- Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
- Ensuring frequent data backups of critical IT systems are carried out.
- Ensuring the roles and responsibilities of managing cyber risks, including in emergency orcrisis decision-making, are clearly defined, documented, and communicated to relevant staff members.
- Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the bank can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
- Ensure timely submission of Risk Control Self-Assessment (RCSA) exercise and all identified risks and gaps are followed up for mitigation.
- Ensure timely submissions of cyber security returns to the regulator.
- Ensure compliance to regulatory notices and guidelines.
Selection Criteria
- Degree in Information Security/Computer Forensics/Computer Science/Information Technology Information security certifications e.g., CISM, CISSP, CEH, GIAC, OSCP
- Demonstrate a good understanding of IT Security administrative operations and controls around Network, Operating Systems Applications and Databases
- Knowledge in System administration, Network Administration, Operating Systems administration (Linux and Windows) as this will be critical for the execution of risk assessments
- Possession of ISO 27001 or ISO 31000 certification is an added advantage
- At least 5 years’ experience in IT Security field
- Good communication and report writing skills required for preparation of Board Reports on Cybersecurity risks
- Team player and attention to detail
The post Information Security Manager at Credit Bank appeared first on Jobs in Kenya - http://jobcenterkenya.com/.
No comments:
Post a Comment