GM: Subsidiary Security Operations (ISO) at Equity Bank Kenya

Job Purpose: 

The Information Security Officer (ISO)– Subsidiary operations is responsible for leading and managing the subsidiary security operations in all the markets Equity operates in and delivering the defined security plans that will achieve the desired security posture for the subsidiaries.

The ISO will need to work closely with the country MDs and heads of IT to ensure an effective and risk driven approach is tailored for each country and is embodied in the country specific security plans agreed and funded for implementation.

The role must have an established background leading a security function, with strong technical and business knowledge, experience handling a fast-paced operational cadence, and a results-driven mindset.

Key Performance Areas: Job responsibilities/ outputs of the position

• Contribute to the development and maintenance of the Group Information Security Strategy representing the needs of the Equity Subsidiaries
• Lead the execution of the local Subsidiary security strategies in country, in alignment with the Group strategy and local market conditions
• Lead and direct the Subsidiary security teams to deliver on the holistic cybersecurity mandate and commitment across the Equity Group and Subsidiaries
• Manage the development, integration, and monitoring of detailed Subsidiary security plans in accordance with the frameworks, goals and targets agreed with Group CISO and the requirements of the stakeholders of the individual Subsidiaries.
• Establish and enforce the necessary governance and supporting structures for the effective implementation of security controls and execution of the security plan at the Subsidiaries, including regular cadence of engagement with local Subsidiary stakeholders and leadership
• Provide technical guidance and advice as required to direct subordinates and Subsidiary teams.
• Compile reports on the status and performance of the Subsidiaries as required.
• Monitor security operations within the Subsidiaries, address and escalate any non-performance and prepare security operational performance reports.
• Participate in the recruitment and selection of direct reports and Subsidiary security staff according to organisation structure, job requirements and guidelines.
• Lead, mentor and empower employees and manage change within the team (including Subsidiary team members) to ensure a positive work environment in which employees develop and perform optimally.
• Develop performance contracts for direct reports and Subsidiary security staff and ensure delivery according to the contract.  
• Manage staff development initiatives, succession planning and talent management to meet performance standard for direct reports and Opco security heads.
• Build and maintain relationships with internal and external stakeholders in order to ensure regionally relevant information, advice or opinions on relevant matters is made available and/ or communicated appropriately and timeously.
• Empower all relevant stakeholders by ensuring information, advice or opinions on relevant matters are made available and clearly communicated through various channels and platforms.
• Ensure compliance to all Equity policies and procedures, as well as country specific regulation across the markets Equity operates in
• Establish good external working relationships and collaborative arrangements with external service providers, cyber community of practices and/or other organisations to help achieve the goals.
• Maintain knowledge of and monitor changes in relevant legislation and the regulatory environment across the markets, review and approve the systems that ensure compliance and reduce risk as well as oversee implementation thereof.
• Ensure reporting requirements are complied with and accurate information is disseminated to support specific decisions or activities in the Subsidiaries
• Represent GIS at various forums and committees within Subsidiary and Group.
• Attend and participate in Equity governance structures and forums, as required.

Role Complexity: 

• Matrix management for security planning and operation
• Management of security control environment across at least 13 domains in all the Technology functions and in at least 7 markets of Equity Group
• Fast paced and high growth environment

Budgets/ Financial Input

• Accountable for budgetary and strategic oversight for all elements of Subsidiary security function, including technology licensing, contractor management and service provider contracts
• Manage the development of Subsidiary security budgets in support of the Subsidiary security strategy and business plans (Capex and Opex) in accordance with the Subsidiary and Group budget guidelines; work with subsidiary leadership teams to agree budgets during annual budget planning and ensure timeous preparation of forecasts during the financial year.
• Monitor the Subsidiaries security budget and expenditure on a monthly basis
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” is reduced, in line with a least cost operating strategy stemming from the business drivers.  

Qualifications
 
Job Requirements (Education, Experience and Competencies)

Education

• Four-year tertiary qualification in Information Technology, Computer Science, or a related field
• Additional business-related qualifications such as MBA is preferred
• Industry certification: CISSP, CISM or equivalent.

Experience

• 10+ years of relevant work experience in Information Security
• 5+ years of experience at the Senior Management level in banking or telecommunications industry
• 2-3 years working experience in managing info/ cybersecurity in a large organisation
• Experience in managing large teams across multiple organisations / countries
• Experience in designing and implementing organisation wide info/ cybersecurity framework & projects
• Experience in managing and implementing large scale info/ cybersecurity projects
• Experience working in various countries in Africa and have a grasp of political, social, infrastructure and integrity challenges
• Experience in development of security strategies, supporting execution plans
• Negotiation of and management of budgets across multiple entities
• Ability to work in a highly dynamic environment, within an extremely fast paced, high growth company.
• Strong understanding of common best practices, frameworks, and regulations (NIST 800-53, ISO 27001, OWASP, MITRE ATT&CK, CIS, etc).

Key Critical Competencies

• Excellent executive presentation and communication skills.
• Ability to articulate cyber risk to business leaders within the context of corporate strategy and threat environment.
• Good Analytical skills, Problem solving and Interpersonal skills
• Ability to lead through influence, including at executive levels