Equity Bank Senior Manager, Security Governance & Technical Assurance Jobs in Kenya
Mission/ Core purpose of the Job:
This role is responsible for embedding and maintaining technical security control requirements across the Equity network, infrastructure and systems.
Responsibilities include ensuring that appropriate security controls are implemented in the organisation by continuously reviewing and updating the policies, operational technology and security processes and standards in alignment with the latest global threats, ensuring optimal performance of the services and identifying control efficiencies in how security is operated across all domains. The incumbent will also perform continuous technical security assurance on all Technology service areas to ensure audit compliance and minimized risk exposure.
Context:
The individual needs to be able to work in a highly pressured planning and operational banking and technology environment
ISO 27001, OWASP, NIST, SANS and POPI
Fast changing, regulated business environment.
Security is managed cross business and IT functions, in at least 7 markets
The Group Information Security area has to deal with the rapid advancement of systems and technology within the following areas:
Various Technology platforms enabling many business and banking functions
Deal with an environment that is highly regulated and legislated
3rd Parties and the driving of these through supplying vendors fully fledged and detailed specifications and driving them in the fulfilment of these
Requirement for single version of the truth across Equity Group
High data volumes
Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA’s)
Technical Excellence:
Provide assurance that Equity Group’s assets are effectively managed and monitored to meet Equity security requirements – first-line management assurance.
Analyse known and emerging threats to determine risks against Equity assets.
Review and document Information Security Policies, Processes and Procedures and meet governance in terms of legislative and audit requirements and provide consultation to business with regard to this.
Identification and management of information security risks within Equity by identifying, defining and maintaining the information security policy and functional standards for the organisation.
Create and continuously review security governing principles to guide information, technology, and solution decision making for Equity
Develop Group’s Critical Controls and Compliance universe, and drive the implementation of control mechanisms, which enable Information Security function to effectively manage the true status of information security within Equity.
Report on mitigating actions required to correct or remedy actions where necessary and inform IT Teams and relevant Business units of any significant changes and risk situations.
Consult to projects in terms of identifying risks, vulnerabilities and controls.
Perform first-line Security Assessments on internal environments and 3rd party environments, with the purpose of identifying shortcomings which pose a risk to Equity and drive remedial actions.
Coordinate reporting and action plans in the event that a security incident does occur
Conduct monthly security service/ posture reviews across the environment and present reports to the relevant subsidiaries, business units and governance committees.
Represent Information Security in the relevant business areas in Equity as well as various IT/ risk or Security committees and forums within Equity.
Provide on-going subject matter expert level consultation to Equity project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.
Operational Delivery:
Perform first-line management assurance on technical controls to minimise audit impact and risk exposure
Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack Equity systems.
Work closely with the Technology teams to identify and select the right security controls to protect Equity’s network & IT infrastructure, cloud and IoT solutions: define functional and non-functional security requirements and criteria to conduct technology evaluation and selection.
Manage and run governance for Group Information Security function and drive the implementation of security governance and ensure adherence to it.
Foster a security-conscious culture within Equity IT, Operational and Business teams.
Collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.
Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related control break-downs in the environment
Support Enterprise Risk Management in security related issues and investigations
Conduct Research and develop/ maintain policies to ensure they cater for new threats and technologies.
Develop, monitor and measure the deployment of security standards
Ensure procurement practices adhere to security protocols and security is embedded into the procurement process consistently.
Tactical planning:
Manage and develop the capability of the team to deliver security services needs of Equity Group.
Partner with business leaders and peer-level managers to assess the technological cost and impact of recommended changes, help clarify priorities, and coordinate cross-organizational/ subsidiary consortia where common needs have been identified.
Assess risks and the effects of specific requirements on other subsidiaries business processes and system priorities to ensure security services are aligned with business strategic objectives.
Identify high risk/priority security areas for improvement
Work closely with Finance teams in Group and Subs to ensure budgets and cost recovery procedures are in place and working effectively
Build a strong relationship with Subsidiary leadership to ensure delivery
Qualifications
Education:
Minimum of 3 years tertiary qualification (degree/ national diploma) or equivalent in Information Technology
Security certification e.g. CISSP & CISM essential
Other qualifications (ITIL, TMF, COBIT) advantage
Fluent in English
Experience:
Min of 6 years in IT, 2 of which as an Information Security Senior Specialist or Manager in a large enterprise environment essential
Experience in Banking or Telco industry advantageous
Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network
Must have a wide breadth of knowledge and experience across security products, tools, and industry trends
Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments
Ability to interact with a broad cross-section of personnel to explain and enforce security measures
Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
Expert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)
Excellent written and verbal communication skills as well as business acumen and a commercial outlook
Good analytic and problem-solving skills
Ability to work under pressure, as well as the ability to take independent initiative when needed.
Training:
Security certification courses
Microsoft certifications
Systems/Database/Network administration training
Some training on Oracle, SUN Solaris and Linux is also required
Training on any scripting language
IP network related training
Cloud security training
Architect and design certifications
How to Apply
For more information and job application details, see: Equity Bank Senior Manager, Security Governance & Technical Assurance Jobs in Kenya