Friday, March 30, 2012

KCB BANK GROUP HEAD OF INFORMATION RISK JOB IN KENYA

Head of Information Risk

Job Ref No: RISK 02/2012

Reporting to the Chief Risk Officer, the position is responsible for assuring oversight on IT related risks, the required level of information security, and IT risk, IT Security, business continuity and risk management policies and standards of KCB Group.

It is also expected to ensure that Information and technology risk management practices are well embedded in the bank so as to create risk awareness and a strong information risk culture.

Key Responsibilities

The major responsibilities of this position will be:

Developing and monitoring enforcement of IT & Information Risk policies.
Contributing to development of IT security policies, standards and procedures and monitoring enforcement thereof.
Performing enterprise information risk assessments and monitoring IT risk action plans so as to obtain assurance on the management of IT & Information risks.

Proactively identifying risks via timely analysis and development of appropriate metrics and other key risk indicators, review of information security assessments, review of requests for policy or standard exceptions and health check results.
Proactively looking at IT risk factors prior to business decisions so as to ensure the risks are identified and appropriate measures put in place to mitigate the risks to within business risk appetite.
Regular discussions with IT and other departments so as to ensure that risks and opportunities are well understood in business terms.
Assessing identified risks in conjunction with IT and the business to determine the impact/materiality in terms of financial loss/cost, reputation and/or regulatory risk and the likelihood and potential frequency of such risk occurring.
Coordinating with IT Division to ensure appropriate transparency/escalation of all significant risks as appropriate in the weekly and monthly reports, priority notifications and incident reporting in line with Group Risk Policies.
Providing guidance to various departments on topics related to ICT risk management on areas such as compliance with standards and policies in keeping with the risk appetite of KCB.
Implement processes for regular review of information risks and support IT Division in development and review of policies regarding KCB’s Business Continuity Plans, Group Data Protection and Data Confidentiality policies and programs.

The Person

For the above position, the successful applicants should have: -

A Bachelors of Science in Computing or related degree from a recognised University
Must possess at least one internationally recognizable IT Risk/security certification such as CISM, CISSP or CISA.
A minimum of 5 years’ experience in Information Technology in Senior IT Risk Management in a large organisation with hands on experience in:

1. Core banking risk management
2. Software and security architectures
3. IPS and vulnerability Testing tools
4. Active Directory management,
5. IT Security on operating systems and databases (UNIX, Microsoft, Oracle, SQL)
6. Wide knowledge of web security architecture.
7. Knowledge and skills on encryption, VPN

Knowledge of web programming languages (ASP, .NET, JavaScript, etc) will be an added advantage
Ability to work conscientiously and independently with minimal supervision. This calls for a person of high integrity and motivation, willing to work long and odd hours and willingness to travel out of station.
Be a team player with the ability to network with other staff to obtain high standards of performance.

The above position is a demanding role which the bank will provide a competitive package for the successful candidate.

If you believe you can clearly demonstrate your abilities to meet the criteria given above, please submit your application with a detailed CV, stating your current position, remuneration level, e-mail address and telephone contacts quoting the job title/reference in the subject field to recruitment@kcb.co.ke.

To be considered your application must be received by 13th April 2012.

Only short listed candidates will be contacted.