Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan

KEY RESPONSIBILITIES: MUST NOT BE MORE THAN 10

• Cybersecurity Strategy: Maintain, coordinate, and measure the overall group Cyber Security strategy, the budgeting cycle, and the selection of security technology within the remit of the cybersecurity department.
• Cybersecurity Maturity: Oversee the yearly cybersecurity maturity assessment process across the group, track strategic and tactical initiatives that will achieve the target maturity of the KCB cybersecurity practice.
• Cybersecurity Investments Portfolio Management: oversee the management of cybersecurity investments across the group working closely with all senior managers in group cybersecurity and subsidiary leads through the life cycle of products i.e., acquisition to decommissioning of security technologies.
• Cybersecurity Governance and Reporting: prepare reports, presentations, and visualizations to communicate cybersecurity program status and posture to various stakeholders, including senior management on a weekly, monthly, quarterly, and yearly basis.
• Cybersecurity Data Analytics: Maintain an effective centralized datastore for all key cybersecurity data and metrics, leveraging data analytics to capture insights and intelligence to drive and report on cybersecurity maturity.
• Define, create, deliver, and maintain compliance reports and relevant cybersecurity metrics (key performance indicators) across all the various security domains in verticals – technical security, enterprise security architecture, cyber intelligence and security operations centre, cybersecurity assurance and cybersecurity program management – to senior management.
• Third party cybersecurity governance: identify and manage the potential cybersecurity risk from third parties by setting up a practice to understand, evaluate, report on and minimize the cybersecurity risks third parties could bring.
• Cyber Culture and stakeholder management: manage cybersecurity’s engagements and relationships with the various stakeholders within the organization, in a bid to build a cyber risk aware culture working closely with the security awareness unit.
• Lead the team in delivery of cybersecurity projects from inception through to successful implementation in a bid to ensure that the solution is delivered as per defined requirements.
• Cybersecurity Risk Self-Assessment: Participate in the identification and reporting of information security risks, as well as non-conformance to the Bank’s Information Security policies and standards.

ACADEMIC AND PROFESSIONAL QUALIFICATIONS

• Bachelor’s Degree    BSc. Information Technology / Computer Science / Telecommunications / Engineering (Electrical, Electronic)    Required

Professional Qualifications    

• Information Security certification  such as CISA / CISM/ CISSP/ Security+/, GSE/ GSEC/ CRISC/ SSCP

At least one required
Professional Qualifications 

• Certification in any of the key technology domains; network, databases, operating systems, system administration, security administration, cloud, servers, containerised platforms, virtualization platforms, Incident management and Response.

At least one required

Professional Qualifications    

• Certification in data analytics  Added Advantage
• Master’s Degree MBA/MSc Added Advantage