  • Posted: Sep 19, 2023
    Deadline: Not specified

    Equity Bank Limited (the "Bank") is incorporated, registered under the Kenyan Companies Act Cap 486 and domiciled in Kenya. The address of the Bank’s registered office is 9th Floor, Equity Centre, P.O. Box 75104 - 00200 Nairobi. The Bank is licensed under the Kenya Banking Act (Chapter 488), and continues to offer retail banking, microfinance a...

    General Manager-Subsidiary Security Operations

    Job Purpose:

    • The Information Security Officer (ISO) – Subsidiary Operations is responsible for leading and managing the subsidiary security operations in all the markets Equity operates in and delivering the defined security plans that will achieve the desired security posture for the subsidiaries.
    • The ISO will need to work closely with the country MDs and heads of IT to ensure an effective and risk-driven approach is tailored for each country and is embodied in the country-specific security plans agreed and funded for implementation.
    • We are seeking someone with an established background, having led security function(s) across African markets, with strong technical and business knowledge, experience handling a fast-paced operational cadence, and a results-driven mindset.

    Key Performance Areas: Job responsibilities/ outputs of the position 

    •  Contribute to the development and maintenance of the Group Information Security Strategy representing the needs of the Equity Subsidiaries
    •  Lead the execution of the local Subsidiary security strategies in country, in alignment with the Group strategy and local market conditions
    •  Lead and direct the Subsidiary security teams to deliver on the holistic cybersecurity mandate and commitment across the Equity Group and Subsidiaries
    •  Manage the development, integration, and monitoring of detailed Subsidiary security plans in accordance with the frameworks, goals and targets agreed with Group CISO and the requirements of the stakeholders of the individual Subsidiaries.
    •  Establish and enforce the necessary governance and supporting structures for the effective implementation of security controls and execution of the security plan at the Subsidiaries, including regular cadence of engagement with local Subsidiary stakeholders and leadership
    •  Provide technical guidance and advice as required to direct subordinates and Subsidiary teams.
    •  Compile reports on the status and performance of the Subsidiaries as required.
    •  Monitor security operations within the Subsidiaries, address and escalate any non-performance and prepare security operational performance reports.
    •  Participate in the recruitment and selection of direct reports and Subsidiary security staff according to organisation structure, job requirements and guidelines.
    •  Lead, mentor and empower employees and manage change within the team (including Subsidiary team members) to ensure a positive work environment in which employees develop and perform optimally.
    •  Develop performance contracts for direct reports and Subsidiary security staff and ensure delivery according to the contract. 
    •  Manage staff development initiatives, succession planning and talent management to meet performance standards for direct reports and Opco security heads.
    •  Build and maintain relationships with internal and external stakeholders in order to ensure regionally relevant information, advice or opinions on relevant matters are made available and/or communicated appropriately and timeously.

    Qualifications
    Education

    •  Four-year tertiary qualification in Information Technology, Computer Science, or a related field
    •  Additional business-related qualifications such as an MBA are preferred
    •  Industry certification: CISSP, CISM or equivalent.

    Experience

    •  10+ years of relevant work experience in Information Security
    •  5+ years of experience at the Senior Management level in banking or telecommunications industry
    •  2-3 years working experience in managing info/ cybersecurity in a large organisation
    •  Experience in managing large teams across multiple organisations / countries
    •  Experience in designing and implementing organisation wide info/ cybersecurity framework & projects
    •  Experience in managing and implementing large scale info/ cybersecurity projects
    •  Experience working in various countries in Africa and a grasp of political, social, infrastructure and integrity challenges
    •  Experience in development of security strategies, supporting execution plans
    •  Negotiation of and management of budgets across multiple entities
    •  Ability to work in a highly dynamic environment, within an extremely fast paced, high growth company.
    •  Strong understanding of common best practices, frameworks, and regulations (NIST 800-53, ISO 27001, OWASP, MITRE ATT&CK, CIS, etc).

    Key Critical Competencies

    •  Excellent executive presentation and communication skills.
    •  Ability to articulate cyber risk to business leaders within the context of corporate strategy and threat environment.
    •  Good analytical, problem-solving and interpersonal skills
    •  Ability to lead through influence, including at executive levels

    Access Control Administrator

    Role Purpose:

    • The role is primarily to enforce logical security at the various layers of the Bank’s IT infrastructure (network, database, application and operating system layer)
    • Administration of users across all applications in the bank including Finacle and Active Directory.
    • Management of user roles on the applications that support Role Based Access Control (RBAC)
    • Provide password management support for users across multiple platforms.
    • Periodic review of user login activities for inactive or unused user profiles
    • Provide input for security awareness based on identified risk in user management activities.
    • Ensure security of all Information entrusted to the staff.

    Key Responsibilities:

    • Enforcing logical security at the various layers of the Bank’s IT infrastructure (network, database, application and operating system layer)
    • Ensure IAM solution is functional and serving the business.
    •  Management approval of user roles on the applications that support Role Based Access Control (RBAC)
    • Provide password management support for users across multiple platforms.
    • Periodic review of user login activities for inactive or unused user profiles.
    • Provide input for security awareness based on identified risk in user management activities.
    • Ensure security of all Information entrusted to the staff.
    • Review of staff in sensitive units.
    • Review of AD sensitive groups to identify excessive privilege.
    • Manage privileged accounts through the use of PAM and Azure PIM.
    • Manage MFA profiling using Cisco Duo MFA and Office 365 MFA portal.

    Reporting:

    • Weekly, Monthly and Quarterly report of new access
    • Weekly, Monthly and Quarterly report of access violation
    • Weekly, Monthly and Quarterly report of staff role change
    • Weekly, Monthly and Quarterly report of new access removal
    • Report on prevention of unauthorized access to systems and services.
    • Periodic review of access to telecom assets for all users
    • Password policy compliance monitoring and report
    • Report data for root cause analysis of detected incidents should be available

    Qualifications

    Education:

    • Certified information systems security professional (CISSP)
    • CAP Certified Authorization Professional
    • SSCP Systems Security Certified Practitioner 
    •  Any certification on access and authorization
    • Any Certification of Microsoft Cloud 
    •  CompTIA Certification on Security

    Tools:

    • Azure AD PIM
    •  MS Cloud Apps
    •  IAM solution
    • PAM (Thycotic Privilege Manager)
    • Manage Engine ADPlus
    • Microsoft Security Center
    • Microsoft EDR portal

    Required Skills:

    •  Knowledge of the Bank’s IT solutions
    •  Effective Communication and Presentation skills
    • Good report writing skills
    • Consistent feed on local and global fraud trends
    •  Ability to identify appropriate security controls to address existing/potential risk
    • Good knowledge of Information Security best practices
    • Proficiency in the use of Microsoft Office Tools

    Network Security Analyst

    Job Purpose:   

    This entails monitoring networks to detect any intrusion or hostile activities. It also involves carrying out the design, implementation, and administration of technical cybersecurity defenses for firewalling, segmentation, network intrusion detection and prevention, network access monitoring and control, network vulnerability scanning, penetration testing, etc., to defend against malicious attacks on the systems.

    Job Responsibilities

    •  Maintaining LAN, WLAN and architecture of the Network as per the business policy
    • Measure, analyze and implement new security protocols for greater efficiency against any threat or malfunctions.
    • Generating and maintaining the virtual private network, firewalls, web protocols and email security decorum.
    • Reporting the security analysis of findings.
    • Investigation of network security breach alerts.
    • Drive the implementation of security standards for network devices across the Group.
    • Conduct periodic security reviews of the network infrastructure and review the connection matrix.
    • Monitoring of web security gateways, perimeter security, network access controls, endpoint security

    Qualifications
    Knowledge and Experience 

    • 3-5 years of relevant work experience in Information Technology (specifically security)
    • 3-5 years’ experience in core network technologies of a telecom or Banking environment
    • 3-5 years working experience in managing information security in a large organization
    • Experience in designing and implementing organization wide information security Network architecture and framework
    • Experience in managing and implementing large scale information security Network projects
    • Advanced working understanding of the information technology and networking environment of a financial and technology-driven organization

    Preferred certifications: 

    •  CISSP, CCNP, Network +, CISM, CGEIT or equivalent.
       

    Data Protection Analyst

    Job Purpose:   

    The Data Protection Specialist is responsible for executing and administering Data Protection functions and supporting systems. Responsibilities will include overall systems management; support and execution of Data Protection roadmap and the related projects; organizational awareness, processes and procedures and compliance with audits/assessments related to Data Protection administration.

    Job Responsibilities: 

    • Work with vendors to support the DLP technology (troubleshooting, upgrades, etc.)
    • Administration of the DLP tools which includes configuring policies, upgrading and patching, etc.
    • Monitor alerts generated from the DLP systems and other technologies
    • Understand and follow the incident response process through event escalations
    • Respond to escalations by the Incident Response Team
    • Follow processes to maintain the DLP system
    • Assist the team with incident management and responding to Data Subject Rights Requests.
    • Assist with the development of existing policy documentation and related practical guidance.
    • Support data protection training and awareness initiatives across the Group.

     
    Qualifications
     
    Knowledge and Experience 

    • 3-5 years’ experience in implementation and administration of a DLP solution in the banking environment
    • Experience with Microsoft Windows operating systems, Office 365, Enterprise Mobility and Security (EMS) and Enterprise Mobility Management (EMM)
    • Experience with Privilege Access Management solutions, Least privilege Access Management platforms and multi-factor authentication solutions among other technologies
    • Experience in managing Information Security compliance
    • In depth knowledge of Information risk concepts / relating business needs to security controls

    Preferred certifications:

    • CISSP, CCNP, Network +, CISM, CGEIT or equivalent.

    Application Security Testing Analyst

    Job Purpose:  

    The Application Security Analyst provides expertise to inform and validate the secure design and development of IT applications including changes to existing applications.

    Job Responsibilities:

    •  Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g. static code analysis)
    •  Train and educate developers and teams in secure coding techniques including use of supporting toolsets and enable them to self-service.
    •  Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post-deployment security testing on web-based, mobile, cloud application, robotics, IoT, etc.
    •  Perform secure code review across a variety of programming languages
    •  Help tune Web Application Firewalls (WAF) and modify WAF policy to virtually patch applications where required.
    •  Develop functional security testing scripts and procedures and identify opportunities to automate security testing and processes
    •  Identify inherent vulnerabilities and information security risks within systems and applications

    Qualifications
    Education:

    •  A bachelor’s degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.
    •  Must possess at least one professional certification such as CEH (Certified Ethical Hacker), LPT (Licensed Penetration Tester Master), OSCP (Offensive Security Certified Professional), CompTIA PenTest+, CMWAPT (Certified Mobile & Web Application Penetration Tester).

    Knowledge and Experience

    •  A minimum of 5 years’ supervisory experience in Information Technology; with at least:
    •  3 years’ experience in Information Security.
    •  Preferably 2 years Banking Experience in Active Application Security Testing
    •  Good knowledge of Banking/ Financial Services Operations
    •  Excellent planning and organizing skills
    •  Excellent problem analysis and attention to detail.

    Competency:

    •  Web Application, Mobile, Cloud Application, Robotic Automation testing, IOT

    Method of Application
