The role holder will assist in providing continuous independent assurance of the Bank’s Information Security as regards the confidentiality, integrity and availability of its IT systems, by ensuring that appropriate security controls are in place to protect the Bank’s assets. The role holder will also ensure that ICT-related risks are managed in compliance with the Bank’s policies, laws, regulatory guidelines and applicable standards.
  • Carry out ICT risk assessments of the Bank’s systems and provide recommendations for appropriate and adequate IT security controls to mitigate and minimize ICT risks.
  • Participate in and coordinate the updating of ICT risk registers.
  • Promote information security awareness within the Bank by providing consultation and guidance and conducting relevant awareness programs to ensure an IS-compliant culture.
  • Proactively anticipate potential threats and vulnerabilities and, in coordination with the ICT department, provide guidance on effective responses or control measures to be implemented to mitigate them.
  • Support the operationalization and updating of BCP and disaster recovery test plans to ensure that the Bank can continue to function and meet its regulatory obligations in the event of unforeseen circumstances.
  • Working with ICT, coordinate the development of Business Impact Analyses (BIAs) in line with the Bank’s risk management framework.
  • Support the Data Protection Program by providing analysis and documentation of data processing operations, data flows, services, applications, etc., and contribute to the identification of data privacy risks and their mitigation in order to comply with the Kenya Data Protection Act and the Bank’s policies.
  • Work with other members of the Data Protection team to action and administer Data Privacy Impact Risk Assessments (DPIAs), identifying where assessments are required and working with business stakeholders to drive completion of DPIAs, maintaining full and complete records and timetables for review.
  • Keep up to date with emerging information security trends, and understand relevant laws and regulations such as data privacy laws.
  • Execute any other duties and projects that may be assigned to you by the Line Manager and/or Head of Department.
  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or another IT-related field.
  • At least 2 years in Information Technology with proven hands-on experience in an Information Security, IT Risk, IT Audit or Cyber Security role.
  • Understanding of ICT risk and systems security control processes.
  • Knowledge of information security related frameworks/regulations such as the CBK Cyber Security Guidelines, ISO 27001, ISO 27002, the NIST Cyber Security Framework, COBIT, PCI DSS, the Swift Customer Security Programme, etc.
  • Understanding of information systems architecture and operational practices.
  • Appreciation of IT Audit Methodologies.
  • Knowledge of cybersecurity good practices (Identity and Access Management, Data Protection, Penetration Testing etc.)
  • Knowledge of data protection and privacy laws and regulations such as the Kenya Data Protection Act and/or the EU General Data Protection Regulation (GDPR) is an added advantage.
  • Highly proactive and able to work independently.
  • Excellent written communication skills, demonstrating the ability to document with purpose, clarity, and accuracy.
  • Strong interpersonal and group/team process skills, problem-solving and judgment skills.
  • Strong systems thinking and analytical approaches to problem solving.
  • Professional qualification in IT Security, IT Risk or IT Audit such as CISA, CISM, CISSP, CEH, CRISC, Security+, CCISO, CTIA, CND, or equivalent will be an added advantage.