Cybersecurity Specialist, Vulnerability Management at KCB Bank Kenya

The Position: 

The Vulnerability Management Specialist is responsible for maintaining a vulnerability management framework for KCB Group, recommending appropriate controls, and maintaining a risk register. The role will also be responsible for the delivery and management of effective vulnerability management tools and solutions for the Group that meet both market and industry expectations in accordance with the Group’s business objectives, regulatory requirements, and strategic goals.

Key Responsibilities:

• Design, implement and support Vulnerability Assessment and Penetration Testing (VAPT) tools / solutions and a framework identified as necessary for the protection of KCB Group information assets.
• Perform VAPTs on the Group’s infrastructure and systems to provide assurance that they are secure from external and internal intrusion attempts.
• Enact ‘Red Team’ scenarios to highlight gaps impacting the organization’s security posture.
• Serve as a Subject Matter Expert (SME) in designing VAPT exercises executed internally or by contracted vendors.
• Manage the VAPT lifecycle engagements with external penetration testing vendors.
• Maintain a Vulnerability Scoring System that captures the qualitative representation of the assessment reports to help KCB Group properly assess and prioritize its vulnerability management processes.
• Provide technical support to the various System Administrators and owners in analyzing, understanding, and remediating the various findings are reported by the Group Cybersecurity testing teams.
• Conduct ongoing research and analysis in vulnerability management targeting key initiatives to provide actionable advisory.
• Assess the sufficiency of policies, standards, and procedures relative to VAPT best. practices. Co-author standards and procedures designed to continually improve security posture.
• Provide input into technology security risk control self-assessments by leveraging specialized knowledge in vulnerability management.

The Person:

For the above position, the successful applicant should have the following:

• University degree from a recognized institution preferably in Information Technology/Computer Science/ Cyber Security/ Engineering (Electrical & Electronics) or related field.
• A professional cyber security certification in either of the following: CISA/ CISM/ CISSP/ Security+/CEH
• 5 years Technology experience with at least 2 years’ experience in cyber security and 1 year experience in Vulnerability Management / Security Testing / Penetration Testing.