Manager IT Risk

Family Bank Ltd

Nairobi, Kenya · Permanent contract

Posted 2 months ago · Expires in 3 weeks

Job description

A reputable organization seeks a dedicated individual for this role.

Job Purpose:

The Manager ICT risk is responsible for establishing, implementing, and maintaining the Bank’s ICT Risk Management Framework in compliance with the Central Bank of Kenya (CBK) Guidelines and global standards, which include ISO 27001, NIST CSF, COBIT, Basel Accords and other best practices. This role provides oversight of ICT risk, cybersecurity, vendor/third-party risk, and operational resilience. It ensures effective risk governance, regulatory compliance, and supports the Bank’s digital transformation agenda while safeguarding customer data, systems, and reputation. The Manager ICT risk works closely with ICT, Cybersecurity, Operations, Internal Audit, ExCo, and the Board Risk Committee to ensure technology risk exposures are identified, mitigated, monitored, and reported effectively.

Key Responsibilities:

ICT Risk Framework & Governance
  • Develop, implement, and maintain the ICT Risk Management Framework aligned to CBK/PG/08, Prudential Guidelines, and ISO/NIST/COBIT standards.
  • Review ICT policies, procedures, and controls across the Bank.
  • Define and monitor ICT risk appetite, Key Risk Indicators (KRIs), and emerging risks, reporting to ExCo and the Board Risk Committee.
  • Prepare and present ICT risk dashboards, incident reports, and governance updates to ICT Steering Committee, Service Council, Risk Champions, and Board Risk Committee.
  • Drive ICT risk awareness and training to embed a risk-aware culture across the Bank.
  • Align the IT Risk Framework with the Bank's overall strategy.
ICT Risk Identification, Assessment & Mitigation
  • Ensure ICT risk assessments, Risk Control Self-Assessments (RCSAs), and control testing are conducted for systems, infrastructure, and digital platforms.
  • Ensure identification of risks across core banking, mobile/internet banking, agency, card systems, fintech integrations, and cloud solutions.
  • Ensure the ICT risk register, dashboards, and heat maps are updated.
  • Work with ICT Security to review cyber threats, vulnerabilities, and incident responses.
  • Track closure of ICT risk issues, regulatory findings, and internal/external audit recommendations.
  • Provide assurance on IT resource adequacy, capacity, and allocation, ensuring resourcing decisions do not expose the Bank to operational or compliance risks.
Technology Projects & Change Risk Advisory
  • Provide ICT risk advisory for new products, core banking upgrades, and new systems implementation.
  • Support the Change Advisory Board (CAB) by reviewing risks in major system changes.
Cybersecurity & ICT Oversight
  • Oversee penetration test and vulner...
