NCBA Group Head - Information Security Jobs in Kenya

NCBA Group Head - Information Security Jobs in Kenya

Job Purpose Statement

The role of Head, Information Security will provide continuous assurance of NCBA Group’s information systems around confidentiality, integrity and availability of information, and ensure protection of these information assets by ensuring appropriate security controls are in place to protect the Group’s technology and information assets from information & cyber security related risks.

This role will define and execute the information security strategy and roadmap for the Group, ensuring that governance and assurance in information security is enshrined and practiced within the Group, appropriate technology systems and controls are implemented, as well as ensuring that key technology projects and initiatives are compliant with security best practices and guidelines.

Key Results Areas

Strategy and Roadmap

Develop and align the information security
strategy to the Group and Information Technology strategy, to ensure information security supports business objectives.

Execute an information security roadmap,
aligned to information technology roadmap and in support of business growth.

Define Information Security architecture in line with the technology architecture blueprint and best practice.

Cyber Security Defence

Setup and implement Information Security
practices around patching, vulnerability, malware management program etc. within the Group, ensuring that vulnerability assessments & penetration testing is conducted and patching and remediation of vulnerabilities is done as per policy and procedure.

Drive the implementation, administration and
support of technology control systems as per the IS roadmap.

Implement continuous monitoring of technology assets for cyber incidents that impact on confidentiality, integrity and availability of systems, by putting in place the appropriate people, processes and technology.

Implement security incident response for
effective response, containment and recovery from security incidents or breaches.

Cyber Security Assurance

Provide information security assurance to
technology systems to ensure that new products, services, channels and other IT changes introduced meet the security compliance thresholds.

Participant as a key stakeholder in the Bank’s
Change Management governance process (Change Advisory Board) with responsibility to approve or reject changes that do not meet the compliance threshold.

Participate and contribute towards developing
and supporting IT practices (e.g. agile, DevSecOps)

Information Security Governance

Develop and implement Group Information
Security framework, strategy, policy and procedures.

Ensure that best practice and regulatory
guidelines on Cyber Security are enshrined within the Group’s policies and procedures.

Develop and implement an effective
information

security awareness program covering all staff and key stakeholders of the Bank.

Develop and implement a robust IT Business
Continuity Management program, ensuring that effective BCP & DR processes are setup
and executed.

IT department risk champion, interfacing with
the compliance teams to manage technology risk and audit engagements.

People Leadership

Provide effective leadership to the Information Security team, and work with peer IT heads and other IT staff to ensure a conducive work environment.

Provide leadership, performance management, talent management, training and development programs, coaching and mentoring for the Information Security team

Liaise with internal and external stakeholders
(vendors, regulator and consultants) in ensuring
that the information security objectives are met.

Ideal Person Specifications

Bachelor’s Degree in Information Systems, Computer Science, Information Security or related field required

7-10 years in information security or information security governance experience, with 5 years in a managerial role within a highly digitized organization, with a proven ability to engage with Senior Management and regulators.

4+ years’ experience conducting IT compliance assessments or administering IT security controls in an organization.

Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.

Experience with security technologies & controls including IPS/IDS, SIEM, DLP and other security technologies.

Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management and Ethical Hacking.

Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access
Management (IAM)

Knowledge of banking or financial services fundamentals and processes (prior experience working within a financial service organization is an added advantage)

Excellent communication, analytical and reporting skills

Knowledge in project management skills.

How to Apply

For more information and job application details, see; NCBA Group Head - Information Security Jobs in Kenya

Find jobs in Kenya. Jobs - Kenya jobs. Search our career portal & find the latest Kenyan job positions, career opportunities & jobs in Kenya.

Jobs in Kenya - banking jobs, IT jobs, accounting jobs, NGO jobs, business administration, ICT, UN jobs, procurement jobs, education jobs, hospital jobs, human resources jobs, engineering, teaching jobs, and other careers in Kenya.

Find your dream job from 1000s of vacancies in Kenya posted and updated daily - click here!