ICT Risk Manager at National Bank of Kenya

Position Overview

We are seeking a qualified candidate to fill the position of ICT Risk Manager. The role holder will be responsible for supporting the risk identification and management process across all aspects of Information Technology for the Bank, updating executive management on the results of risk assessments, and making recommendations for mitigations to protect Bank systems or cover potential financial losses.

Key Responsibilities

• Develop and implement an ICT Risk Management Framework
• Conduct system vulnerability tests in line with Bank policies and global standards, and report to management on vulnerability and protection against cyber-attacks
• Identify and assess ICT risks, design mitigation controls, and monitor risks till closure
• Clearly document and define risks and their potential impact alongside the statistical probability of such events, and identify systems affected by the defined risks
• Develop ICT risk management guidelines to be used by all Divisions of the Bank
• Conduct system penetration testing during various stages of the system development lifecycle to ensure integrity, availability, and assurance of systems and technical processes
• Perform reviews on compliance with ICT security policies across the technology ecosystem
• Evaluate IT security policies, processes, and procedures for completeness and applicability
• Evaluate IT service management policies, processes, and procedures for completeness and applicability
• Work closely with Business functions to identify risks in products that use digital platforms
• Conduct fraud assessments on technology platforms in line with the Fraud Risk Management Policy
• Keep abreast with current advances in all areas of ICT security
• Continuously evaluate communication security, data vulnerability, and business continuity; examine employee compliance with security controls and identify deficiencies

Required Skills & Experience

A Bachelor's Degree in a relevant field is required.