This job listing has expired and may no longer be relevant!
30 Jan 2024

Information and Cyber Risk Governance, Policies and Framework Specialist at Equity Bank Kenya



Job Description

Equity Bank Limited (The “Bank”) is incorporated, registered under the Kenyan Companies Act Cap 486 and domiciled in Kenya. The address of the Bank’s registered office is 9th Floor, Equity Centre, P.O. Box 75104 – 00200 Nairobi. The Bank is licensed under the Kenya Banking Act (Chapter 488), and continues to offer retail banking, microfinance and related services. The Bank has subsidiaries in Kenya, Uganda, South Sudan, Rwanda and Tanzania. Its shares are listed on the Nairobi Securities Exchange and Uganda Securities Exchange.

The Role

The Information and Cyber Risk Governance, Policies and Framework Specialist role is highly technical and challenging, with opportunities to be part of a team that will have a meaningful impact. The incumbent is expected to support all 6 subsidiaries in which Equity has a presence and should possess an adequate understanding of the governance of both cyber security and information technology, as well as concepts including computer networking, web and native application functionality, operating system functionality, cloud services, and corporate network environments and operations. She/He should be able to quickly learn and keep up with the ever-changing landscape of technology. The candidate should have strong skills in policy making, process and procedure mapping, compliance reviews and technical reporting.

Responsibilities

  • Support the review and update of the Technology, Information and Cyber security (TICS) risk management framework across the group on an annual basis, in line with changes in the environment.
  • Review Technology, Information and Cyber security policies, processes and procedures across the group and identify potential opportunities for improvement and alignment.
  • Conduct risk assessments covering the strategic arm of IT, dealing with projects, 3rd party risks, people, and measurement of the risk culture with metrics such as count and closure rates of audit and risk issues.
  • Conduct risk assessments in areas of the IT asset management lifecycle, both logical and physical, and make appropriate recommendations. Prior experience with asset management software such as CMDB is an added advantage.
  • Conduct risk assessments of incident management and response measures.
  • Perform compliance reviews against various laws and standards including Data protection, PCI DSS, ISO 27001, SWIFT CSP etc.
  • Work with the first line of defense IT team to get buy-in on recommendations and walk with the team to ensure full implementation.
  • Assist in compiling and reviewing management and board reports to ensure consistency and accuracy of information contained and proper follow through of actions.
  • Monitor allocated Key Risk Indicators ensuring clear escalation and action on detected breaches.
  • Maintain the risk registers with updated risk treatment plans and dates to ensure effective control design and operations.
  • Ensure sufficient coordination across all subsidiaries to ensure that technology, information and cyber risks are sufficiently identified and reported upon.
  • Track major IT and cyber security incidents both internal and external ensuring that lessons learnt are appropriately documented and implemented.
  • Assist in setting out the methodology and templates to be used across the group for TICS risk assessments and reporting.
  • Work closely with the IT teams to ensure that innovative ideas are implemented through a clear risk and opportunity assessment.
  • Support the definition of the TICS risk appetite statements.
  • Review and advise on the risk control self-assessments (RCSAs) performed by 1 LOD teams for the allocated risk subtypes.
  • Assist in investigations when required.

Ideal Candidate

  • Bachelor’s degree in computer science, Information and Cyber Security, Technology or equivalent
  • 5 years of relevant experience in information security or risk management, audit, information assurance, preferably in the Banking and Financial sector
  • Must have CISA (Certified Information Systems Auditor) certification
  • Must have CCSP (Certified Cloud Security Professional) certification
  • Other ISACA-related certification (e.g., CISM, CRISC or CGEIT) is an added advantage
  • Consistently able to demonstrate or articulate value proposition
  • Candidates must have hands-on experience in performing risk assessments in diverse technology environments
  • Good understanding of technology infrastructure, networks, and database management systems.
  • Good understanding of cloud computing technologies and Microsoft Azure environment.
  • Expertise in Linux machines; Kali and Parrot recommended.
  • Familiar with various operating systems and databases
  • Ability to both assess priorities and to focus on work in a structured fashion which delivers results
  • Sound judgement and anticipation
  • Strong integrity, independence, and resilience
  • Deliver with minimal supervision.
  • Avid researcher of best practices and happenings in the global cyber space.
  • Engage key stakeholders on actions required.
  • Team player and contributor.
  • Strong problem-solving, persuasive skills and an ability to grasp abstract concepts and complex technology situations to challenge the status quo and further develop and build on our TICS Risk Management Framework.
  • Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with technology and business leaders and risk colleagues regarding anticipated and emerging issues.




Method of Application

Submit your CV and application on the company website.

Closing Date: 15 February 2024




