Job Openings at Equity Bank Kenya

Description

The Senior Manager, Business Support works closely with the GCISO to plan and monitor the overall vision and strategy of the Group Information Security (GIS) function. The role is responsible for monitoring the execution and implementation of department strategy, governance, performance management and the definition of ways of working for example, common methodologies, processes, and tools for developing and operating the department.

The position focuses on ensuring that the department "does the right things" through strategy, execution and governance, as well as "doing things right" through organizational and operational model development and performance management. The position ensures that the department is well imbedded into the entire Equity Group commercial and functional business units and countries.

Job Responsibilities/ Accountabilities:

• Works closely with the GCISO to drive focus and prioritization within the department through establishing strategic planning and governance processes.
• Works with the GCISO and business leadership team, providing broad insight to the GIS teams on the required capabilities in support of the departments wide business objectives.
• Establishes and implements continuous-improvement programs for the GIS function. Drive improvements to methods and processes to increase productivity, at the same time maintaining strict quality levels
• Stays current with developments in emerging market trends and innovations platforms and third-party ecosystems and how value is being created and monetized.
• Is responsible for the continuous tracking of GCISO deliverables and commitments to the business and other stakeholders.
• Is responsible for the preparation, review and consolidation of business plans and budgets for the department.
• Tracks Subsidiary commercials due to Group and drive timely payments thereof.
• Develop and maintain Opex costs trees for all major cost items, clearly identifying the contribution to total Opex
• Ensure that the cost of operations is reduced in line with cost operating strategy stemming from the business drivers
• Ensure that all month end, quarter end and year-end requirements are met within the required time frames
• Represent GCISO in meetings when required.
• Build and maintain strong relationships with all Equity stakeholders.

 Knowledge and Experience

• At least 7 years of experience with at least 3 years supporting a CIO or CISO or an Executive of a dynamic institution in planning, strategy development, execution and performance monitoring.
• Prior experience in business planning, financial planning, budgeting, and performance monitoring in a digital enterprise.
• Strong communication skills, with internal and external stakeholders
• Demonstrated experience in application of data-informed analytics in supporting executive decision making.
• It would be a big plus if you have...
• Prior experience building investment and commercial business cases
• Experience preparing board papers, coordinating cross functional teams in developing defensible ideas to management committees and boards of directors

Qualifications

• Bachelor's degree with major in Commerce, Economics, or any other relevant business-related degree.

go to method of application »

Job Purpose: 

The Information Security Officer (ISO)– Subsidiary operations is responsible for leading and managing the subsidiary security operations in all the markets Equity operates in and delivering the defined security plans that will achieve the desired security posture for the subsidiaries.

The ISO will need to work closely with the country MDs and heads of IT to ensure an effective and risk driven approach is tailored for each country and is embodied in the country specific security plans agreed and funded for implementation.

The role must have an established background leading a security function, with strong technical and business knowledge, experience handling a fast-paced operational cadence, and a results-driven mindset.

Key Performance Areas: Job responsibilities/ outputs of the position

• Contribute to the development and maintenance of the Group Information Security Strategy representing the needs of the Equity Subsidiaries
• Lead the execution of the local Subsidiary security strategies in country, in alignment with the Group strategy and local market conditions
• Lead and direct the Subsidiary security teams to deliver on the holistic cybersecurity mandate and commitment across the Equity Group and Subsidiaries
• Manage the development, integration, and monitoring of detailed Subsidiary security plans in accordance with the frameworks, goals and targets agreed with Group CISO and the requirements of the stakeholders of the individual Subsidiaries.
• Establish and enforce the necessary governance and supporting structures for the effective implementation of security controls and execution of the security plan at the Subsidiaries, including regular cadence of engagement with local Subsidiary stakeholders and leadership
• Provide technical guidance and advice as required to direct subordinates and Subsidiary teams.
• Compile reports on the status and performance of the Subsidiaries as required.
• Monitor security operations within the Subsidiaries, address and escalate any non-performance and prepare security operational performance reports.
• Participate in the recruitment and selection of direct reports and Subsidiary security staff according to organisation structure, job requirements and guidelines.
• Lead, mentor and empower employees and manage change within the team (including Subsidiary team members) to ensure a positive work environment in which employees develop and perform optimally.
• Develop performance contracts for direct reports and Subsidiary security staff and ensure delivery according to the contract.  
• Manage staff development initiatives, succession planning and talent management to meet performance standard for direct reports and Opco security heads.
• Build and maintain relationships with internal and external stakeholders in order to ensure regionally relevant information, advice or opinions on relevant matters is made available and/ or communicated appropriately and timeously.
• Empower all relevant stakeholders by ensuring information, advice or opinions on relevant matters are made available and clearly communicated through various channels and platforms.
• Ensure compliance to all Equity policies and procedures, as well as country specific regulation across the markets Equity operates in
• Establish good external working relationships and collaborative arrangements with external service providers, cyber community of practices and/or other organisations to help achieve the goals.
• Maintain knowledge of and monitor changes in relevant legislation and the regulatory environment across the markets, review and approve the systems that ensure compliance and reduce risk as well as oversee implementation thereof.
• Ensure reporting requirements are complied with and accurate information is disseminated to support specific decisions or activities in the Subsidiaries
• Represent GIS at various forums and committees within Subsidiary and Group.
• Attend and participate in Equity governance structures and forums, as required.

Role Complexity: 

• Matrix management for security planning and operation
• Management of security control environment across at least 13 domains in all the Technology functions and in at least 7 markets of Equity Group
• Fast paced and high growth environment

Budgets/ Financial Input

• Accountable for budgetary and strategic oversight for all elements of Subsidiary security function, including technology licensing, contractor management and service provider contracts
• Manage the development of Subsidiary security budgets in support of the Subsidiary security strategy and business plans (Capex and Opex) in accordance with the Subsidiary and Group budget guidelines; work with subsidiary leadership teams to agree budgets during annual budget planning and ensure timeous preparation of forecasts during the financial year.
• Monitor the Subsidiaries security budget and expenditure on a monthly basis
• Manage project initiative budgets in line with business objectives
• Drive initiatives that will ensure that the “cost of operations” is reduced, in line with a least cost operating strategy stemming from the business drivers.  

Qualifications
 
Job Requirements (Education, Experience and Competencies)

Education

• Four-year tertiary qualification in Information Technology, Computer Science, or a related field
• Additional business-related qualifications such as MBA is preferred
• Industry certification: CISSP, CISM or equivalent.

Experience

• 10+ years of relevant work experience in Information Security
• 5+ years of experience at the Senior Management level in banking or telecommunications industry
• 2-3 years working experience in managing info/ cybersecurity in a large organisation
• Experience in managing large teams across multiple organisations / countries
• Experience in designing and implementing organisation wide info/ cybersecurity framework & projects
• Experience in managing and implementing large scale info/ cybersecurity projects
• Experience working in various countries in Africa and have a grasp of political, social, infrastructure and integrity challenges
• Experience in development of security strategies, supporting execution plans
• Negotiation of and management of budgets across multiple entities
• Ability to work in a highly dynamic environment, within an extremely fast paced, high growth company.
• Strong understanding of common best practices, frameworks, and regulations (NIST 800-53, ISO 27001, OWASP, MITRE ATT&CK, CIS, etc).

Key Critical Competencies

• Excellent executive presentation and communication skills.
• Ability to articulate cyber risk to business leaders within the context of corporate strategy and threat environment.
• Good Analytical skills, Problem solving and Interpersonal skills
• Ability to lead through influence, including at executive levels

go to method of application »

Role Summary

The Head of Group SOC will be responsible for the management of the Inhouse local SOC and the Offshore SOC. He/ she will lead a team of cyber security professionals within a 24/7 security operations center, that rapidly monitors, analyzes, identifies, contains and resolves information security incidents in all Equity systems across the markets we operate in.

The Head of SOC ensures all incidents are handled as quickly as possible, according to industry best practices, and in concert with Equity Policies, Business Units, and Technology Teams. This role requires a transformational leader who will shape the future of response at Equity, leveraging threat hunting, metrics, automation, and machine learning to detect and respond at scale and instantly across all Equity environments.

Job Responsibilities

• This is a senior management role responsible for managing the Security Operations Centre (Inhouse and Outsourced), detecting, responding to and managing security incidents to protect the Group’s Information assets.
• Formulate and develop the Security Operations Framework including SOC processes, policies and procedures.
• Build, develop and manage a Security Operations Centre.
• Manage all day to day activities within the Security Operations Centre to ensure effective operation of threat detection and prevention.
• Provide leadership, guidance and technical expertise in running of a SOC.
• Ensure the Bank’s security detection, protection, response, and recovery procedures are up to date, tested maintained and followed.
• Be accountable of the security incident management.
• Ensure proper integration and handover of new security services within the monitoring and detection capability of the SOC.
• Ensure continuous SOC services improvement.
• Set-out key security performance indicators that ensures proper service delivery and service improvements
• Develop and maintain SOC related policies, procedures and processes to ensure all necessary information and security data is continuously being collected, correlated and analysed to detect potential external and internal threats to the organization.
• Develop metrics needed to communicate risk levels to the organization and articulate the value derived from the SOC Services to the Group.
• Develop and provide reports on a regular basis to meet management, compliance or audit needs
• Collaborate with relevant internal stakeholders including security, Risk, Operations, IT, NOC, etc. to ensure appropriate security incident management and threat response processes are in place and maintained.

Knowledge and Experience

• Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or similar area of study
• Hold at least one relevant industry certifications (GCIH, GCED, CISSP, CISA, CISM, etc.)
• Understanding of SIEM tools such as Splunk, ArcSight, RSA, McAfee ePO, etc.
• Experience building and maintaining a high performance team of analysts.
• Expertise with industry standard frameworks (ISO, NIST, PCI).
• Experience maintaining metrics and SLAs.
• Minimum 5 years Security management, with experience building long-term career development plans for team members at all levels.
• Proficient in Incident Management and Response
• Experience in security device management and SIEM
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Experience in threat management
• Knowledge of various operating system flavors including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases, middleware to address security threats against the same.
• Knowledge of a number of the following: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM).
• Ability to effectively provide briefing to the business stakeholders regarding ongoing security incidents and threat Levels.
• Experience in managing a multi-Tier SOC team including training, shift schedules performance reviews and attendance
• Experience in managing and maintaining relationships within an organisation, with vendors and customers.

Key Critical Competencies

• Proficient in preparation of reports, dashboards and documentation
• Excellent communication and leadership skills
• Experience in performing vendor management
• Ability to handle high pressure situations with key stakeholders
• Good Analytical skills, Problem solving and Interpersonal skills
• Deep knowledge of Bank’s infrastructure, networks and systems

go to method of application »

Description

Equity Group Foundation (EGF) is a corporate foundation of Equity Group Holdings Plc. It was created in 2008 to undertake the social investment work of the bank. It focuses on six critical thematic areas; Agriculture, Education & Leadership Development, Energy & Environment, Entrepreneurship, Financial Education & Inclusion, and Health.

 Key Duties and Responsibilities

• Project database management
• Data Entry and Analysis
• Provide support and coordination in mapping of project beneficiaries
• Provide TOT training on platform use to the field officers.
• Documenting and providing monthly report on the project implementation.
• Provide timely, accurate information and advice to the management and operational staff on all aspects of the projects

Qualifications

• Bachelor’s degree in IT or Related field from a recognized university
• GIS Knowledge is added advantage
• Computer literate and proficient in Microsoft applications practically Excel, Word, Outlook and PowerPoint.

Skills/Experience Required

• Organizational and planning skills
• Communication skills
• Analytical skills
• Self initiative
• Team player
•  Attentive to details and accuracy
• Flexibility