Vacancy title:
Chief Information Security Officer

Jobs at:
Spire Bank Kenya

Deadline of this Job:
24th August 2018

Duty Station:
Nairobi, Kenya

Summary
Date Posted: 14th August 2018 , Base Salary: Not Disclosed , Employment Type: Full-Time

Spire Bank Kenya  is a well-established and growing financial institution that provides a comprehensive package of financial services and products, tailored to suit clients’ requirements

JOB DETAILS:
The institution is seeking to hire a qualified and highly experienced Chief Information Security Officer (CISO) the role entails looking at data management and analytics, which will help the Bank to better anticipate the nature of threats and determine the most appropriate action to meet them.

The Key Roles:

•  Overseeing and implementing the Bank’s cyber security program and enforcing the cyber security policy/framework.
  
•  Ensuring the Bank maintains a current enterprise-wide knowledge base of its users, devices, applications and their relationships, including but not limited to:
  
•  Software and hardware asset inventory;
  
•  Network maps (including boundaries, traffic and data flow); and
  
•  Network utilization and performance data.
  
•  Ensuring that information systems meet the needs of the Bank, in particular information system development strategies, comply with the overall business strategies, ERM framework, risk appetite and ICT policies.
  
•  Design cyber security controls with the consideration of users at all levels of the organization, including internal (i.e. management, permanent & contract staff and direct sales representative) and third party users/external users (i.e. contractors/consultants, business partners and service providers).
  
•  Organizing professional cyber related trainings to improve technical proficiency of staff.
  
•  Conducting regular and comprehensive cyber risk assessments that consider people (i.e. employees, customers, outsourcing and other external parties), processes, data, and technology across all its business lines and locations.
  
•  Monitoring current and emerging cyber risks.
  
•  Maintain comprehensive cyber risk register. Risk identification should be forward looking and include the security incident handling.
  

Reporting to the board on an agreed interval but not less than once per quarter on the following:

•  Assessment of the confidentiality, integrity and availability of the information systems in the banks.
  
•  Detailed exceptions to the approved cyber security policies and procedures.
  
•  Cyber risk identification.
  
•  Assessment of the effectiveness of the approved cybersecurity program.
  
•  All material cyber security events that affected the bank during the period.
  
•  Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
  
•  Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
  
•  Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.
  
•  Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
  
•  Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the bank can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
  
•  Collaborate with other the banks and the security agencies to share the latest cyber threats/attacks encountered by the bank.
  

Key Skills, Experience and Personal Competencies Required
Skills

•  Excellent interpersonal & Communication Skills
  
•  Working in Teams
  
•  Excellent analytical skills
  
•  Organization skills
  
•  Problem solving skills
  
•  Excellent knowledge of security tools
•  Report writing skills
  

Experience

•  3- 5 years Banking Experience
  Recommended Minimum Qualifications
  Education Level
  
•  Graduate – BSc. Degree in Information Technology , Mathematics or Computer Science
  
•  Master’s degree would be advantageous
  Professional Qualifications
  
•  Certified Information Security Professional
  
•  Cisco Certified Network Associate
  
•  Cisco Certified Security Administrator
  
•  Check point Certified Security Administratorr