Cybersecurity Controls Architect

Are you a go getter, positive minded individual who fits the role profile captured below? There is an opportunity for ambitious, self-driven individuals to fill the above position?

Reporting to: Head of Information Security

Job Purpose:

Support the Head of Information Security in monitoring the Family Bank IT estate and ecosystem by proactively detecting cybersecurity events in a timely fashion in order to secure the bank’s assets from unauthorized access, loss or damage.

Key Responsibilities:

• Support in the implementation and continuous improvement of Family Bank’s cybersecurity program and policy.
• Gather, analyze and maintain a current enterprise-wide knowledge base of the Bank’s users, devices, applications and their relationships.
• Support in the design of adequate cybersecurity controls to mitigate against inherent to the Family Bank IT estate including customers.
• Gather cybersecurity intelligence through relationships within the Bank and also through industry benchmarking to facilitate timely updating of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
• Support in entrenching and reinforcing of bank-wide cybersecurity awareness culture.
• Regularly update the Bank’s network architecture and data flow diagrams based on changes made by ICT.
• Regularly review and ensure all servers, routers, switches, firewalls and user PCs are up to date with the latest patches, antivirus.
• On a regular basis carry out penetration tests and vulnerability assessments to ensure IT systems are secure and report on significant trends and vulnerabilities.
• Champion resolution of issues raised on ICT audits, control self-assessments, project and reputational risk.
• Collaborate with projects team to actively participate in IT change projects with an aim of designing cybersecurity controls.
• Assist to conduct root cause analysis on noted incidents to ensure no repeat instances arise.
• Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
• Assist to detect, report, respond, contain and mitigate incidents that impair adequate data and infrastructure security.
• Assist to constantly assist to update the security systems to deal with new threats. This involves staying abreast of technology news, researching new antivirus technology and new safety protocols.
• Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
• Carry out cybersecurity risk assessments for new products and IT projects in the Bank and follow through to ensure that appropriate mitigating controls have been put in place.
• Prepare weekly cybersecurity posture reports to management.
• Immediately report to the management on detected ICT and Information Security incidents
• Follow up for closure of audit issues raised and aversion of repeat incidences.
• Ensure the bank’s compliance with data protection act of 2019 and prudential guidelines on cybersecurity and any other existing or emerging regulatory requirements.
• Attend departmental meetings as may be required.
• Assist in the evaluation and recommendation for tools and solutions that provide security functions.
• Identify and report potential and actual Money Laundering Risk, including suspicious transactions in accordance with the laid down AML/CFT policies & procedures.
• Carry out other official duties as assigned by the Management.

The Person:

• The ideal candidate must possess the following:

Qualifications

• A Bachelor’s degree holder in Computer science, IT or related field.
• At least 3-years’ experience in a financial institution; or a certificate in banking operations.
• At least 3-years’ experience in working in a similar position.
• Professional information security certification: CISM/CISSP or Network certification: CCNA, CCNP.
• A good understanding of the relevant legislative requirements especially the Banking Act and Central Bank of Kenya (CBK) prudential guidelines

Key Competencies and Attributes

Interpersonal:

• High level of integrity.
• Strong analytical capabilities and problem solving skills to interpret data and draw conclusions.
• Self-driven and willingness to work odd hours.
• Excellent project management and planning skills.
• Able to work with data to derive insightful reports and make recommendations
• Solution oriented.
• Strong people, communications and negotiation skills
• Self-starter, passionate and instrumental in ideas generation and execution
• Ability to train, motivate and develop staf

Method of Application

ALL applicants MUST apply online to the email; [email protected]; closing date is 10th September 2022. Canvassing will automatically disqualify the candidate. Only shortlisted candidates will be contacted.