IT Risk and Controls Manager at The Co-operative Bank of Kenya

On Wednesday, August 21st, 2013
Are you looking for an Employer who promotes individual excellence and mutual respect in a team-driven culture with a key focus on social empowerment? 
The Co-operative Bank of Kenya, “the kingdom Bank” is the place for those looking to new horizons.

We are looking for a dynamic, creative and self-oriented professional to fill the position of:

IT Risk and Controls Manager

The successful person will report to the Head ICT Risk & Control Department.

Job Summary:

As an IT Risk and Controls Manager the role holder will be responsible for providing continuous independent assurance on the bank’s Information Security as regards confidentiality, integrity and availability of the IT infrastructure, processing systems and related resources in line with the Information Security Policy.

Main Duties:

  • Implementation and evaluation of technology controls for Core systems, Database management systems, application systems and network infrastructure.
  • Manage internal audits on information security processes, controls and systems.
  • Provide guidance and consultation on projects for IT Security related risks and issues.
  • Educate and train employees about their information security responsibilities in line with the Bank policy on information security.
  • Monitoring and managing all information security breaches and handling security incidents, taking remedial action to prevent recurrence wherever possible.
  • Review of operating and information systems.
  • Development of/involvement in independent review of technology related procedures, product programs to ensure that the appropriate infrastructure is incorporated into the different business initiatives and the bank technology policies are respected.
  • Review of all relevant system logs to identify and address activity that is not consistent with set out Information Security guidelines and standards.
  • Carry out Information Security reviews along the various phases of a project’s lifecycle as detailed in the Bank’s Project Management framework.
  • Carry out business continuity related checks for IT systems in primary and disaster recovery sites.
  • Provide interpretation of the Information Security policies to the Business.
  • Lead businesses in development of action plans as a result of gap assessment findings, and/or ethical hacking results.
  • Keep abreast of application, product and system development within the business and appraise the effect and appropriateness of planned changes to the existing control framework.

Job Specification:

The incumbent will be required to possess the following attributes / skills:

  • Bachelor’s degree in Computer Science or Information Systems from a recognized university
  • Possess relevant Information Security Certification such as CISSP, CISA / CISM, ISO/IEC 27001.
  • 3 years working experience in information security within a large and highly computerised organization. Prior working experience in a Bank will be an added advantage.
  • Understanding of risk and systems security control processes.
  • Good understanding of CAATs (computer-assisted audit tools).
  • Possess knowledge of cryptography and encryption solutions.
  • Understanding of end point security on IEEE 802.1x standards.
  • Good understanding of PCI-DSS and ISO27001 standards.

Interested candidates meeting the above criteria should forward an application enclosing detailed Curriculum Vitae accompanied by copies of certificates and indicating the current remuneration to the address shown below by 31st August 2013.

We are an equal opportunity employer. 
N.B: Only short listed candidates will be contacted.

Please quote this reference on your application and on the envelope: IT RISK AND CONTROL MANAGER – ISO/3/HRD/2013.

The Director
Human Resources Division
Co-operative Bank of Kenya Ltd.
P.O. Box 48231-00100
