Deputy Manager, Cyber Security - Payment Systems, Banking and Payment Services (BPS) at Central Bank of Kenya

Job Purpose

The role holder is responsible for assessing existing and emerging cyber risks in the payments ecosystem both Retail and Large Value Payments including review of cyber security standards, laws, policies, guidelines and other related frameworks. The role holder will analyze statutory data returns, audits, market developments, consumer complaints to advice on corrective actions and to induce change where necessary in compliance with the existing National Payment System (NPS) laws. The role is responsible for reviewing payment system cyber security submissions for licensing in compliance with the National Payment System (NPS) laws, guidelines, standards and best practices.

Key Duties and Responsibilities

Strategic Responsibilities

• Contribute as appropriate to the performance of the function and to the overall achievement of the BPS’s strategic objectives.

Technical and Operational Responsibilities

• Oversight of cyber security for retail and large value payments system (RPS/ LVPS) including i.e. ACH, EFT, Cards, Mobile Payments, switches, KEPSS and any other licensed or designated payment system.
• Carry out cyber security assessments of payments systems against BIS core principles and set standards.
• Assist in the preparation of oversight reports RPSs e.g. Monthly reports, Quarterly and Annual reports.
• Determine data requirements and relevant returns to facilitate oversight of payment systems providers.
• Conduct online monitoring of PSPs transactions.
• Undertake on- site oversight examination/off-site surveillance of PSPs.
• Administer and enforce the Acts and Regulations and enforce supervisory actions on PSPs contravention of the regulatory requirements.
• Identify infrastructures that meet the criteria for FMIs for purposes of designation.
• Review audit and incident reports and recommend regulatory action.
• Receive and review complaints/enquiries on a payment system/product from customers/users.
• Continuously/periodically monitor implementation of recommendations made to rectify or enhance certain critical functions or areas highlighted during on-site oversight.
• Identifying weaknesses and action points in the operation of payment systems.
• Prepare inspection program, develop pre-inspection template and risk assessment matrix template.
• Work with industry stakeholders in developing awareness and capacity building programs cyber security for payment systems.
• Research on new threats/technologies/vulnerabilities impacting payment systems globally and locally, providing the necessary guidance both to the Bank and Industry.
• Develop guidelines, circulars and other relevant supervisory tools for cyber-security.

Other Responsibilities

• Performing any other duties as assigned by Manager and the Assistant Director.

Qualifications

• Bachelor’s Degree in a relevant field e.g. Information Technology, Computer Science or related field.
• Professional qualifications in information security certifications such CISA/CISSP/GIAC/CEH/OSCP or any relevant qualification for cyber risk experts and any other memberships are an added advantage.
• Any recognized international and professional Information Technology certification e.g., ITIL Service Management, ISO (20k or 27001) Lead Implementer /Audit), COBIT will be an added advantage.

Work Experience

Five (5) years’ experience working in information systems audit, cyber risk and/or related field and role.

Competencies

Technical Competencies

• Knowledge of the payments and or banking industry on issues related to Card payments, Retail payments innovation and security, P2P Switch providers, Mobile payments & Banking.
• Good understanding of internationally accepted best practices and standards for effective oversight of payment systems
• Knowledge of Banking and Payments Laws & Regulations
• Knowledge of payment technologies and innovations.
• Risk Assessment Management framework
• Analytical skills and creative thinking skills
• Cyber Risk /Information systems, audit and security related skills
• Security and cyber risks
• System performance monitoring

Behavioural/ General Competencies

• Ability to work collaboratively in a team
• Decision making
• Professionalism
• Communication
• Customer orientation
• Integrity and honesty and ethics
• Resilience
• Mentoring and coaching
• Ability to drive change
• Building consensus and influencing
• Emotional Intelligence
• Independence and objectivity