Information Technology | Full-Time | Senior-level (6+ yrs)
Job Description
BANK OF AFRICA - KENYA LIMITED (BOA-KENYA) is a commercial bank providing banking services to corporate, SME, and retail clientele. We are looking for a Manager – Information Security to lead our cybersecurity initiatives. The successful candidate will develop and implement the Bank’s information security strategy, framework, and policies, ensuring full alignment with the Bank’s Enterprise Risk Management Framework, Governance, business goals, and group requirements.
Responsibilities and Accountabilities
Strategy and Framework: Develop and implement the Bank’s information security strategy and policies in alignment with Enterprise Risk Management and Group requirements.
Technology Control: Drive the implementation of technology control systems and monitor them continuously against business requirements and reported incidents.
Security Architecture: Design information security architecture and coordinate reviews to assess data losses or breaches, prioritizing mitigation actions.
Vulnerability Management: Develop risk assessments and penetration testing schedules to identify and remediate vulnerabilities.
Incident Response: Lead the monitoring of systems and platforms to facilitate effective incident response management and timely recovery.
Compliance Assurance: Review information system requirements for new products and channels to ensure compliance with security thresholds.
Change Management: Review and approve infrastructure change requests to ensure they meet risk and compliance thresholds.
Business Continuity: Establish and test information security business continuity plans to ensure resilience during disruptions.
Security Awareness: Implement security awareness sessions for employees and customers to enhance the security culture.
Regulatory Adherence: Ensure compliance with ISO 27001, PCI DSS, CBK prudential guidelines, and Data Protection Regulations.
Audit Collaboration: Work with risk, compliance, and audit teams to implement recommendations and conduct timely assessments.
Third-Party Risk: Manage security risks associated with third-party vendors through risk assessments and SLA monitoring.
Reporting: Prepare and submit monthly and quarterly security risk reports to management and the Board.
Requirements and Qualifications
Academic Background: Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field from a recognized institution.
Professional Experience: At least eight (8) years’ experience in information security, risk management, and governance.
Specialized Experience: At least three (3) years of experience conducting compliance assessments, implementing IT controls, and cyber security management.
Certifications: Must be certified in ISACA-related areas (e.g., CISM, CISA), Certified Ethical Hacker (CEH), or Licensed Penetration Tester.
Framework Knowledge: In-depth knowledge of ISO 27001/2, PCI DSS, NIST, and OWASP.
Technical Proficiency: Knowledge of End Point Security, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), PKI, DLP, and Identity and Access Management (IAM).
Regulatory Knowledge: Familiarity with local and regional cyber security and data protection requirements.
Industry Context: Understanding of banking or financial services operations and practices.
Competencies and Attributes
Result-driven and focused on business outcomes.
Strong critical thinker with objective analysis skills.
Goal-oriented with excellent planning and organizational abilities.
Commitment to continuous professional learning and staying updated with industry developments.
How to Apply
Interested and qualified candidates should apply online by visiting the application link on the Bank of Africa Kenya Limited career portal: https://www.myjobmag.co.ke/apply-now/1183943