Reporting to the Head – ICT Risk & Control, the role holder will be responsible for providing continuous independent assurance on the bank’s Information Security with regards to confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Bank’s Information Security Policy.
The Role
Specifically, the successful jobholder will be required to:
Implement and evaluate technology controls for Core Banking systems, Database management systems, application systems and network infrastructure.
Conduct application risk assessments including privacy vendor reviews and web applications vulnerability reviews.
Continuously review system logs at all levels i.e. routers, switches, firewalls, systems and applications to detect any anomalies and remediate them.
Perform network security monitoring and reporting including patch management, version management, anti-virus, windows security, password violations, Virtual Private Network (VPN) and other exception monitoring.
Actively review database logs and audit trails then report daily.
Pro-actively enforce and plan to ensure all noted risks are mitigated and potential threats addressed immediately.
Be involved in providing forensic data to all reviewers i.e. investigators, analysts etc.
Ensure all systems interfaces are secured from any intrusion and all users’ activities are logged, detailed and are traceable.
Provide guidance on all system deployment, upgrades and changes.
Review all security-related issues logged by users and analyse trends as relates to systems security management as well as manage all external parties’ access to bank infrastructure and systems and have detective measures in place to monitor any intrusion.
Pro-actively and comprehensively provide guidance on tools required to effectively manage and control bank systems environment.
Ensure all sensitive and confidential bank information is protected and infrastructure network LAN / WAN are secure from any intrusion.
Provide and analyse departmental self-assessment reports on all systems controls to assist in focused controls.
Attend relevant training on emerging trends and practices within the Information Security field and network with the relevant associations so as to keep abreast with industry trends and to achieve world-class information security practices.
Skills, Competencies and Experience
The successful candidate will be required to have the following skills and competencies:
Bachelor’s degree in an IT related field from a recognized university.
Possess relevant Information Security certification such as CISA/CISM.
At least five (5) years’ experience in information security or systems audit function within a large and highly computerized organization.
Good understanding of PCI-DSS and ISO27001 standards.
Demonstrated ability to manage complexity and multiple initiatives at a go.
Ability to synthesize/analyze diverse information, develop and recommend strategies.
Ability to think creatively and propose solutions.
Strategic perspective with an ability to quickly analyze complex issues, develop appropriate action plans and deliver results.
How to Apply
If you fit the profile, then apply today!
Please forward your application enclosing detailed Curriculum Vitae to jobs@co-opbank.co.ke indicating the job reference number IRM/1/HRD/2015 as the subject of your email by 12th November, 2015.
We are an equal opportunity employer.