Senior Manager, Information Risk

Posted Yesterday
Be an Early Applicant
Hiring Remotely in Kenya
Remote
Senior level
Fintech • Software • Financial Services
The Role
Lead information risk and technology risk assessments, oversee cyber risk reviews (including ITGCs and application controls), coordinate red team and SWIFT attestation, advise on cloud and AI/ML risks, run project assurance and post-implementation reviews, report trends to senior leadership and board, and drive information risk awareness and remediation across the group.
Summary Generated by Built In
  1. KEY RESPONSIBILITIES: MUST NOT BE MORE THAN 10

 

  • Provide leadership in individual Information Risk / Technology related Risk and advisory assignments for the assigned scope.

  • Conduct Technology and Information risk assessments through Information Risk Managers and Analysts to develop the annual Group Information Risk action plan.

  • Provide leadership in cyber security risk related reviews and advisory assignments, IT general and IT application control risk reviews on information systems and Technology environment to give assurance on the effectiveness and efficiency of the preventive control and compliance to KCB Group policies, International Standards (ISO 27001, ISO 22301, PCI DSS, NIST 800 series, etc.), and Regulatory requirements and guidelines.

  • Provide leadership in emerging risks, threat hunting, Cloud computing & AI/ML by working with business functions in Technology in providing mitigations.

  • Providing regular updates to group senior leadership and the board on the latest trends.

  • Perform ongoing risk-based project assurance and post implementation reviews on Technology related projects.

  • Coordinate Red Team exercises across the group and SWIFT attestation program in timely manner.

  • Tracking of outstanding risks in DORCCO, GORCCO, CAB meetings.

  • Be a member of CAB representing the Information Risk Department.

  • Conduct, follow up and validate closure of PIR & KCSA review issues action plans as per stakeholder engagement agreements and track to completion within agreed timelines.

Design and monitor implementation of Information risks awareness program across KCB Group

  • Responsible for oversight and challenge of Information risks across KCB Group, including Information Security, Technology and Data quality risks. 

  •  

MINIMUM POSITION REQUIREMENTS
 

Academic & Professional
 

  • ParticularsDetailSpecific Field or Qualification 

    Need

    Type[1]

    Education 

    Bachelor’s Degree

    Information Technology, Electrical Engineering, Computer Science, Business, Mathematics & Computer Science, Information Systems, BBIT

    RQ

    Professional Qualifications – Information Risk, Security and BCM

    Relevant certifications in Information Security and Risk Management knowledge areas such as CRISC, CISM, CISSP, CISA or equivalent. 

    RQ

    Master’s Degree

    Information Technology, MBA, Computer Science, Information Systems, 

    AA

     

Experience

 

  • Total Minimum No of Years’ Experience Required

    6

     

    Detail

    Minimum

    No of Years

    Need Type[2]

    1. Experience Information Risk /or IT Security and/or IT Audit

    6

    ES

    1. Vulnerability Assessments Experience

    5

    ES

    1. Red Team Exercises and / or Penetration Testing Experience

    5

    ES

    1. Stakeholder management

    5

    ES

    1. People management

    2

    DE

    1. Banking experience

    6

    DE

    1. Project Management

    5

    ES


  • [2]Need Types are ESSENTIAL if minimum years are required.

    Any experience a staff has in in areas with blanks is an ADDED ADVANTAGE.

                                                                

Responsibilities
  • Lead and mentor a team of Information Risk Managers and Analysts, fostering a collaborative and high-performing environment.
  • Conduct comprehensive reviews and provide independent assurance on projects, cybersecurity, and governance initiatives.
  • Offer objective and insightful recommendations to enhance the bank's information systems and ICT infrastructure.
  • Ensure the bank's data and systems are secure and compliant with industry standards and regulations.
  • Stay updated with emerging technologies and trends, identifying potential risks and opportunities for the bank.
  • Collaborate with various departments to understand their information risk needs and provide tailored solutions.
  • Develop and implement risk assessment frameworks and methodologies to identify and mitigate potential risks.
  • Prepare and present risk reports to senior management, offering clear and actionable insights.
  • Build and maintain strong relationships with internal stakeholders and external partners to ensure effective risk management.
  • Stay informed about industry best practices and contribute to the bank's overall risk management strategy.
Qualifications
  • Bachelor's degree in Computer Science, Information Technology, or a related field, with a Master's degree preferred.
  • Minimum of 8 years of experience in information risk management, with a proven track record of leading teams.
  • Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification is an advantage.
  • Strong knowledge of information security principles, risk assessment methodologies, and industry standards.
  • Excellent leadership and mentoring skills, with the ability to inspire and develop a high-performing team.
  • Analytical mindset with a problem-solving approach, able to identify risks and propose effective solutions.
  • Effective communication skills, both written and verbal, to present complex information to diverse audiences.
  • Ability to work independently and manage multiple projects simultaneously, ensuring timely delivery.
  • Strong interpersonal skills to build relationships and collaborate with stakeholders at all levels.
  • A proactive and innovative mindset, constantly seeking opportunities to enhance the bank's information risk management practices.

Skills Required

  • Bachelor's degree in Information Technology, Electrical Engineering, Computer Science, Information Systems or related
  • Relevant certifications in Information Security and Risk Management (CRISC, CISM, CISSP, CISA or equivalent)
  • Minimum 6 years' experience in Information Risk, IT Security or IT Audit
  • Vulnerability assessment experience (minimum 5 years)
  • Red team exercises and/or penetration testing experience (minimum 5 years)
  • Stakeholder management experience (minimum 5 years)
  • Project management experience (minimum 5 years)
  • People management experience (minimum 2 years)
  • Banking/financial services experience (minimum 6 years)
  • Knowledge of information security standards and frameworks (ISO 27001, ISO 22301, PCI DSS, NIST 800 series)
  • Experience coordinating SWIFT attestation and running Red Team exercises
  • Ability to conduct risk assessments, prepare risk action plans, follow up on PIR & KCSA issues, and present risk reports to senior leadership/board
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Nairobi, Kenya
6,751 Employees
Year Founded: 1896

What We Do

KCB Group, is the largest financial services organization in East Africa in terms of asset size. The Group's headquarters are located in Nairobi, Kenya, with subsidiaries in Kenya, Rwanda, Southern Sudan, Tanzania, Uganda and Burundi. In 2015, KCB Group opened a representative office in Ethiopia, expanding the growth of the organization. The Bank is over 124 years old having started in Mombasa in 1896. KCB Group has over 354 branches, 26,394 Agents/POS Merchants and 1,103 ATMs. The bank also offers Mobile Banking though the KCB App, Internet Banking and Diaspora Banking Services platform that can be accessed 24/7 basis. The Bank services over 26.8 million customers across the region. KCB Group is the largest financial services organization in East Africa, with an estimated asset base of approximately Ksh. 1.02 trillion as at the of end H1 2021.

Similar Jobs

Athena (athena.com) Logo Athena (athena.com)

Manager, Operations

Software • Business Intelligence • Consulting
Remote
Nairobi, KEN
4471 Employees

Teltonika IoT Group Logo Teltonika IoT Group

Sales Representative

Hardware • Information Technology • Internet of Things • Industrial
Remote
Nairobi, KEN
2500 Employees

Teltonika IoT Group Logo Teltonika IoT Group

Business Development Representative

Hardware • Information Technology • Internet of Things • Industrial
Remote
Nairobi, KEN
2500 Employees
Remote
Nairobi, KEN
119 Employees

Similar Companies Hiring

Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Kepler  Thumbnail
Fintech • Software
New York, New York
6 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account