Head of Technology Risk and Security at Kenya Airways

Job Purpose:

The Head of Technology Risk and Security will be required to assist the Chief Information & Data Officer to promote the organizational culture and shared cyber security ownership and information assets protection. She/he will be required to safeguard Kenya Airways’ (KQ) critical information infrastructure against external aggression from cyber criminals; respond to, resolve and recover from Cyber/IT Security incidents and attacks through proactive security incidence monitoring and also deliver an appropriate IT business continuity & data back-ups management capability for the Airline in the event of a material business interruption.

Principal Accountabilities:

• Ensure that the airline IT systems are secured through adequate security management and administration measures and practice.
• Develop and enforce IT policies, standards and procedures to ensure proper operations and maintenance of the IT assets.
• Implement appropriate transparency/escalation of all significant risks as appropriate in the weekly and monthly reports, and priority notifications to ensure minimum exposure to risk.
• Identify risks via: analysis of monthly metrics and other indicators; review of IT conformance reports, security assessments, requests for policy/standard exceptions and health check results; responding to escalations and queries; regular discussions with the departments; and other means that may be available to ensure that appropriate measures are taken to mitigate exposure.
• Assess identified risks in conjunction with other Technology Departments, Legal , Audit and other Lines of Business to determine the impact/materiality in terms of financial loss/cost, reputation and/or regulatory risk and the likelihood and potential frequency of such risk occurring.
• Ensure appropriate action plans and delivery dates are in place to address material risks and any open internal or external audit items or regulatory issues and tracking these actions to completion.
• Participate in the annual IS and IT audit plan with the Internal Audit in order to take note of the areas to be addressed.
• Coordinate with internal and external auditors to ensure timely and responsive audits, appropriate findings, and appropriate management responses and action plans.
• Coordinate with Legal and Operational Risk Control teams to ensure transparency of risks, appropriate measures in place to mitigate risks to within the business risk appetite, and a positive and open working relationship.
• Provide guidance within the departments on topics related to ICT risk management such as achieving compliance with standards and policies, staying within the risk appetite of the KCB.
• Coordinate with the Departments to ensure all deadlines are met for core activities such as conformance, audits, regulatory reviews, priority initiatives, etc.
• Participate in the implementation of the Group Data Protection and Data Confidentiality programs.
• Responsible for implementing/establishing a process for safeguarding authentication devices against interference, loss and theft.

Knowledge, Skills and experience:

• Bachelor’s degree in IT or any other related filed from a recognized institution.
• Master Degree will be an added advantage.
• Must possess at least one security certification such as CISA, CISM, CISSP, CASP, BCM & Security +.
• Minimum of 8 years senior management experience in Information Technology with at least 5 years’ experience in IT systems risk and security management and 3 years’ experience in Active directory management, IT security on operating systems and databases and IT BCM, Data Backups and Archival management.
• Knowledge of Web security architecture is essential.
• Knowledge and skills on encryption, VPN is essential.
• Knowledge of Web programming languages and software & security architectures is desired.
• Knowledge of regulations, standards and frameworks.
• Superior team leadership, team working and co-operation skills with the ability to influence positively and champion high performance.
• Excellent communication, interpersonal & problem-solving skills with the ability to work confidently on high priority problems.
• Ability to handle pressure and difficult situations with resilience, calmly and effectively.
• Must be a person of unquestionable integrity.