IT Risk Officer at Consolidated Bank of Kenya

Job Purpose

Reporting to the Head of Risk & Compliance, the IT Risk Officer will be responsible for providing continuous independent risk management oversight on the Bank’s Technology investments and Information Security framework with regard to confidentiality, integrity, and availability of the IT infrastructure, processing systems, and related resources in line with the Bank’s Information Security and Risk Management policy.

Key Responsibilities

•  Assessing the risks and exposures related to cyber security and determining whether they are aligned to the institution’s risk appetite.
•  Monitoring current and emerging risks and changes to laws and regulations.
•  Collaborating with system administrators and others charged with safeguarding the information assets of the institution to ensure appropriate control design.
•  Maintaining comprehensive cyber risk registers.
•  Ensuring implementation of the cyber and information risk management strategy.
•  Safeguarding the confidentiality, integrity and availability of information.
•  Ensuring that a comprehensive inventory of IT assets is established and maintained.
•  Quantifying the potential impact by assessing the residual cyber risk and considering risks that need to be addressed through insurance as a way of transferring cyber risk.
•  Reporting all enterprise risks consistently and comprehensively to the Board to enable the comparison of all risks equally in ensuring that they are prioritized correctly.
•  Conduct red team exercises (accurate simulation of cyber-crime attacks).
•  Ethical hacking

Qualifications and Competencies

•  Possession of a bachelor’s degree in a Computer Science, Information Technology or related field from a recognized university.
•  Possession of professional qualifications such as CISM, CISA, Security+, CASP, CCNA security or CISSP
•  Membership to a relevant professional body.
•  Should have a minimum of five years’ relevant working experience, with two years’ experience in IT Risk or Information Security.
•  Should have experience and knowledge of best practice IT controls and thorough understanding of regulatory requirements.
•  Should have experience in ethical hacking, control design, operation and effectiveness testing.
•  Should have thorough understanding of security practices, the design of secure systems and the operation of security processes and technology.