Co-operative Bank Kenya
ICT Risk Projects Officer
Here is an exciting opportunity for you to join our ICT Risk & Control team. Are you able to identify and assess threats, put plans in place ‘if things go wrong’ and advise how to avoid, reduce or transfer risks in an IT environment, then this is the perfect career move for you.
Reporting to the Head – ICT Risk & Control, the role holder will provide continuous Project assurance on the various Bank’s ICT related projects as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Bank Information Security Policy.
Specifically, the successful jobholder will:
- Be actively involved and provide risk & security guidance during technology projects, systems deployment, upgrades and changes.
- Proactively provide ICT security & risk requirements for incorporation in Business Requirements Documents, Functional Specifications Documents & RFPs of new ICT systems.
- Proactively participate in technical solution design for new systems, ensuring that security requirements are well defined.
- Perform vulnerability assessments & penetration tests on new Bank systems, applications and technology, identifying vulnerabilities and recommendations on closure of these vulnerabilities, prior to new systems go-live.
- Perform a fraud risk assessment on new systems and processes within the project scope and provide recommendations on countermeasures to be taken.
- Ensure interfaces for new systems are secured from intrusion, and user activities in new systems are detailed, traceable and logged.
- Pro-actively provide guidance on security tools required to effectively manage and control Bank systems.
- Pro-actively perform risk assessments for ongoing ICT projects and prepare risk reports for new systems & projects in readiness for Change Approval Board meetings.
- Proactively develop and constantly review system Minimum Baseline Security Requirements for new ICT systems & projects.
- Regularly provide recommendations to ICT leadership on areas of improvement towards securing ICT systems.
- Provide information security training & awareness to ICT systems project teams (Systems development teams, project managers, business analysts)
- Maintain ICT risk registers for ICT projects and submit periodical and ad-hoc reports as required by HOD and Chief Risk Officer.
- Ensure strict adherence to all regulations, statutes, standards, practices and all internal processes and procedures as per the relevant manuals and comply with all relevant external legislation and regulations with regard to compliance requirements.
Skills and Experience required
- Bachelor’s degree in Information Technology or related fields.
- 3 years prior experience in information security or systems audit function. Experience in the Banking industry will be a value add.
- Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification. IT security and risk certifications e.g. CISSP, CRISC, CEH, etc. will be an added advantage.
- Experience in system propagated forensic investigations will be an added advantage.
- Good understanding of project management methodology and concepts and a good appreciation of risk, systems security control processes.
- Detailed knowledge of the Bank’s Operating procedures and good knowledge of the Bank’s products and services.
- Understanding of Information Systems architecture and operational practices as well as good grasp of Information Security and control objectives with an appreciation of audit methodologies.
- Experience in performing analytical roles in complex business environments.
- Advanced computer skills including IT skills, word, excel, power point.
- Training in IT infrastructure and operating systems.
- Training in Implementing Information security policies.
- Leads from the front
- Delivers and owns results
- Values and respects others
- Drives innovation
- Fosters Communication
- Inspires trust and integrity
- Customer Centric
How to Apply
If you are confident that you match the role and person profile, please forward your application enclosing detailed Curriculum Vitae to firstname.lastname@example.org indicating the job reference number “IRPO/RM/2018” by 20th March, 2018.
We are an equal opportunity employer.