General Manager-Subsidiary Security Operations at Equity Bank Kenya

Job Purpose:

• The Information Security Officer (ISO)– Subsidiary operations is responsible for leading and managing the subsidiary security operations in all the markets Equity operates in and delivering the defined security plans that will achieve the desired security posture for the subsidiaries.
• The ISO will need to work closely with the country MDs and heads of IT to ensure an effective and risk driven approach is tailored for each country and is embodied in the country specific security plans agreed and funded for implementation.
• We are seeking someone with established background having led security function(s) across African markets, with strong technical and business knowledge, experience handling a fast-paced operational cadence, and a results-driven mindset.

Key Performance Areas: Job responsibilities/ outputs of the position 

•  Contribute to the development and maintenance of the Group Information Security Strategy representing the needs of the Equity Subsidiaries
•  Lead the execution of the local Subsidiary security strategies in country, in alignment with the Group strategy and local market conditions
•  Lead and direct the Subsidiary security teams to deliver on the holistic cybersecurity mandate and commitment across the Equity Group and Subsidiaries
•  Manage the development, integration, and monitoring of detailed Subsidiary security plans in accordance with the frameworks, goals and targets agreed with Group CISO and the requirements of the stakeholders of the individual Subsidiaries.
•  Establish and enforce the necessary governance and supporting structures for the effective implementation of security controls and execution of the security plan at the Subsidiaries, including regular cadence of engagement with local Subsidiary stakeholders and leadership
•  Provide technical guidance and advice as required to direct subordinates and Subsidiary teams.
•  Compile reports on the status and performance of the Subsidiaries as required.
•  Monitor security operations within the Subsidiaries, address and escalate any non-performance and prepare security operational performance reports.
•  Participate in the recruitment and selection of direct reports and Subsidiary security staff according to organisation structure, job requirements and guidelines.
•  Lead, mentor and empower employees and manage change within the team (including Subsidiary team members) to ensure a positive work environment in which employees develop and perform optimally.
•  Develop performance contracts for direct reports and Subsidiary security staff and ensure delivery according to the contract. 
•  Manage staff development initiatives, succession planning and talent management to meet performance standard for direct reports and Opco security heads.
•  Build and maintain relationships with internal and external stakeholders in order to ensure regionally relevant information, advice or opinions on relevant matters is made available and/ or communicated appropriately and timeously.

Qualifications
Education

•  Four-year tertiary qualification in Information Technology, Computer Science, or a related field
•  Additional business-related qualifications such as MBA is preferred
•  Industry certification: CISSP, CISM or equivalent.

Experience

•  10+ years of relevant work experience in Information Security
•  5+ years of experience at the Senior Management level in banking or telecommunications industry
•  2-3 years working experience in managing info/ cybersecurity in a large organisation
•  Experience in managing large teams across multiple organisations / countries
•  Experience in designing and implementing organisation wide info/ cybersecurity framework & projects
•  Experience in managing and implementing large scale info/ cybersecurity projects
•  Experience working in various countries in Africa and have a grasp of political, social, infrastructure and integrity challenges
•  Experience in development of security strategies, supporting execution plans
•  Negotiation of and management of budgets across multiple entities
•  Ability to work in a highly dynamic environment, within an extremely fast paced, high growth company.
•  Strong understanding of common best practices, frameworks, and regulations (NIST 800-53, ISO 27001, OWASP, MITRE ATT&CK, CIS, etc).

Key Critical Competencies

•  Excellent executive presentation and communication skills.
•  Ability to articulate cyber risk to business leaders within the context of corporate strategy and threat environment.
•  Good Analytical skills, Problem solving and Interpersonal skills
•  Ability to lead through influence, including at executive levels