May 13, Equity Bank Senior Manager, Security Governance & Technical Assurance Jobs in Kenya

may-13,-equity-bank-senior-manager,-security-governance-&-technical-assurance-jobs-in-kenya

Equity Bank Senior Manager, Security Governance & Technical Assurance Jobs in Kenya

Mission/ Core purpose of the Job:

This role is responsible for embedding and maintaining technical security control requirement across the Equity network, infrastructure and systems.

Responsibilities include ensuring that appropriate security controls are implemented in the organisation by continuously reviewing and updating the policies, operational technology and security processes and standards in alignment to latest global threats, ensuring optimal performance of the services and identify control efficiencies in how security is operated across all domains. The incumbent will also perform continuous technical security assurance on all Technology service areas to ensure audit compliance and minimized risk exposure.

Context:

  • The individual needs to be able to work in a highly pressured planning and operational banking and technology environment
  • ISO 27001, OWASP, NIST, SANS and POPI

    Fast changing, regulated business environment.
  • Security is managed cross business and IT functions, in at least 7 markets
  • The Group Information Security area has to deal with the rapid advancement of systems and technology within the following areas:
  • Various Technology platforms enabling many business and banking functions
  • Deal with and environment that is highly regulated and legislated
  • 3rd Parties and the driving of these through supplying vendors fully fledged and detailed specifications and driving them in the fulfilment of these Requirement for single version of the truth across Equity Group

    High data volumes

    Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA’s)

    Technical Excellence:

  • Provide assurance that Equity Group’s assets are effectively managed and monitored to meet Equity security requirements – first-line management assurance.
  • Analize known and emerging threats to determine risks against Equity assets.
  • Review and document Information Security Policies, Processes and Procedures and meet governance in terms of legislative and audit requirements and provide consultation to business with regard to this.
  • Identification and management of information security risks within Equity by identifying, defining and maintaining the information security policy and functional standards for the organisation.
  • Create and continuously review security governing principles to guide information, technology, and solution decision making for Equity
  • Develop Group’s Critical Controls and Compliance universe, and drive the implementation of control mechanisms, which enable Information Security function to effectively manage the true status of information security within Equity.
  • Report on mitigating actions required to correct or remedy actions where necessary and inform IT Teams and relevant Business units of any significant changes and risk situations.
  • Consult to projects in terms of identifying risks, vulnerabilities and controls.
  • Perform first-line Security Assessments on internal environments and 3rd party environments, with the purpose of identifying shortcomings which risk to Equity and drive remedial actions.
  • Coordinate reporting and action plans in the event that a security incident does occur

    Conduct monthly security service/ posture reviews across the environment and present reports to the relevant subsidiaries, business units and governance committees.
  • Represent Information Security in the relevant business areas in Equity as well as various IT/ risk or Security committees and forums within Equity.
  • Provide on-going subject matter expert level consultation to Equity project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.

    Operational Delivery:

  • Perform first-line management assurance on technical controls to minimise audit impact and risk exposure
  • Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious

    hacker, understanding and anticipating the moves and tactics that a hacker might use to attack Equity systems.
  • Work closely with the Technology teams to identify and select the right security controls to protect Equity’s network & IT infrastructure, cloud and IoT solutions: define functional and non-functional security requirements and criteria to conduct technology evaluation and selection.
  • Manage and run governance for Group Information Security function and drive the implementation of security governance and ensure adherence to it.
  • Foster a security-conscious culture within Equity IT, Operational and Business teams.
  • Collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.
  • Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related control break-downs in the environment
  • Support Enterprise Risk Management in security related issues and investigations
  • Conduct Research and develop/ maintain policies to ensure they cater for new threats and technologies.
  • Develop, monitor and measure the deployment of security standards
  • Ensure procurement practices adhere to security protocols and security is embedded into the procurement process consistently.

    Tactical planning:

  • Manage and develop the capability of the team to deliver security services needs of Equity Group.
  • Partner with business leaders and peer-level managers to assess the technological cost and impact of recommended changes, help clarify priorities, and coordinate cross-organizational/ subsidiary consortia where common needs have been identified.
  • Assess risks and the effects of specific requirements on other subsidiaries business processes and system priorities to ensure security services are aligned with business strategic objectives.
  • Identify high risk/priority security areas for improvement
  • Work closely with Finance teams in Group and Subs to ensure budgets and cost recovery procedures are in place and working effectively
  • Build a strong relationship with Subsidiary leadership to ensure delivery

    Qualifications

    Education:

  • Minimum of 3 years tertiary qualification (degree/ national diploma) pr equivalent in Information Technology
  • Security certification e.g. CISSP & CISM essential
  • Other qualifications (ITIL, TMF, COBIT) advantage
  • Fluent in English

    Experience:

  • Min of 6 years in IT, 2 of which as an Information Security Senior Specialist or Manager in a large enterprise environment essential
  • Experience in Banking or Telco industry advantageous
  • Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network
  • Must have a wide breadth of knowledge and experience across security products, tools, and industry trends
  • Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
  • Expert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook
  • Good analytic and problem-solving skills
  • Ability to work under pressure, as well as the ability to take independent initiative when needed.

    Training:

  • Security certification courses

    Microsoft certifications
  • Systems/Database/Network administration training

    Some training on Oracle, SUN Solaris and Linux is also required
  • Training on any scripting language
  • IP network related training
  • Cloud security training
  • Architect and design certifications

    How to Apply

    For more information and job application details, see; Equity Bank Senior Manager, Security Governance & Technical Assurance Jobs in Kenya

    Find jobs in Kenya. Jobs – Kenya jobs. Search our career portal & find the latest Kenyan job positions, career opportunities & jobs in Kenya.

    Jobs in Kenya – banking jobs, IT jobs, accounting jobs, NGO jobs, business administration, ICT, UN jobs, procurement jobs, education jobs, hospital jobs, human resources jobs, engineering, teaching jobs, and other careers in Kenya.

    Find your dream job from 1000s of vacancies in Kenya posted and updated daily – click here!

  • Click here to post comments

    Join in and write your own page! It’s easy to do. How? Simply click here to return to Africa Jobs.