IT Security Analyst

JOB PURPOSE

Provide continuous independent assurance on the bank’s Information Security as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Bank Information Security Policy.

KEY RESPONSIBILTIES

• Provide tactical security expertise across various security domains as assigned from time to time.
• Provide technical security related support to ICT projects from inception through to successful implementation.
• Support the implementation of procedural, operational and technical security controls across the bank’s ICT systems.
• Install, configure and upgrade security systems / solutions while maintaining requisite levels of security.
• Safeguard the bank’s information assets by identifying and solving potential and actual security threats.
• Identify and provide solutions for information security related problems & anomalies and report violations of security policies.
• Conduct continuous research and provide technical security expertise on threats affecting KCB Group information assets.
• Monitor the bank’s ICT systems for indicators of compromise, investigate incidents and take appropriate steps to contain, neutralize and prevent breaches from happening in the future.
• Participate in activities aimed at mitigating information and cyber risks identified by various assurance teams such as Information Risk and Audit

MAIN ACTIVITIES

1. Monitoring

• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
• Ensure all systems interfaces are secured from any intrusion and all users’ activities are logged and users’ activities in systems are detailed and traceable.

2. Analysis

• Periodically perform vulnerability assessments & penetration tests on Bank systems and technology, identifying vulnerabilities and recommendations on closure of these vulnerabilities.
• Analysis of data from user and network monitoring to ascertain legitimacy of high priority activities noted.

3. Reporting

• Actively review application, server, database, network logs and audit trails and report
• Provide and analyze departmental self-assessment reports on all systems controls to assist in focused controls
• Pro-actively and comprehensively provide guidance on tools required to effectively manage and control bank systems environment.
• Be involved in providing forensic data to all reviewers i.e. investigators, analysts etc.

4. Governance and Review

• Review all issues logged by users and analyze trends as relates to systems security management
• Initiate, facilitate and promote activities within the bank to create information security awareness to various groups of bank staff and stakeholders.
• Be involved and provide security guidance during technology projects, systems deployment, upgrades and changes.
• Continuous review of systems at all levels i.e. servers, applications, database, network devices etc., identify risks and make recommendations on closure of the risks.

5. Implementation

• Manage all external parties’ access to bank infrastructure and systems and have detective measures for intrusion.
• Ensure that the bank infrastructure network LAN / WAN is secure from any intrusion.
• Establish and maintain the Bank’s Business Continuity Plan and Disaster Recovery Plan.
• Spearhead a compliance program to achieve legal obligations and business goals by prioritizing initiatives and assessing the evaluation, deployment, and management of current and future technologies.
• Establish and implement the Bank’s security documents (policies, standards, baselines, guidelines and procedures).
• Enforce patches, version management and virus control.
• Pro-actively enforce and plan to ensure all noted risks are mitigated and potential threats addressed immediately.