Key Responsibilities:

• Audit Planning
• Assist in development of a Risk Based IT audit plan aligned to the business objectives of the Bank.
• Develop risk based IT audit programs, tests and checklists to assist in execution of IT audits for various systems in the Bank.
• Audit Execution
• Review IT Policies, Procedures and Processes and controls and provide recommendations for completeness and alignment to the generally accepted ISACA IS Audit Standards, ISO 27001 and other best practices.
• Execute risk- based IS audits in line with the approved IT Audit Plan and make recommendations from improvements; Provide assurance on the effectiveness of the Bank’s IT governance, IT management structure, adequacy of processes to support management in decision making process.
• Assist in Follow up on implementation of audit recommendations from various IT audits carried out by internally and also through external auditors.
• RISK ASSEMENTS
• Evaluate risk management practices in the in order to determine whether IT related risks are adequately managed to avert loses to the Bank.
• Audit Reporting
• Assist the Head of Internal Audit in preparing IT Audit reports for submission to Management and the Board Audit Committee; Present the key IT audit findings to Senior Management.
• Support
• Assist Internal Auditors in developing scripts and data analytics to assist them in their audit work; Offer support in carrying out fraud investigations that involve technical system manipulation.
• Support Internal Auditors in optimizing use of Computer Assisted Audit
• (CAATS) such as Teammate, and data analytic tools such as ACL, IDEA where appropriate.
• Provide advisory on proposed IT developments such as acquisition of new systems and system upgrades to ensure that IT risks are properly identified and controls embedded to mitigate the risks.
• Provide assurance that the practice of acquisition, development, testing and implementation of information systems meet the Bank’s strategies and objectives.
• Provide assurance that the processes for maintenance of the Bank’s information systems is adequate and whether they meet the user’s needs, expectations and overall bank strategy.
• Any other official duties that may be allocated from time to time by management

The Person:

• The ideal candidate must possess the following:

Qualifications

• Bachelor’s degree in Information Technology, Computer science or BBIT from a recognized university. Master’s Degree will be an added advantage.
• Certified Information Systems Auditor (CISA) is desirable.
• Must be a member of Information Security Audit and Control Association (ISACA).
• Certifications in Certified Information Security Manager (CISM), Certified in Risk and Information Systems and Control, Certified Information’s Systems Security Professional (CRISC), Certified Public Accountant (CPA K) will be an added advantage.
• Other IT certifications ICT certifications such as CCNA, MCSE, ITIL, PRINCE2 will be an added advantage.
• 2- 3 years’ experience in carrying out IT audit projects preferably in a financial institution; IT Audit experience in an audit firm will be an added advantage.
• Proficiency in Data Analysis tools ACL, IDEA and other Audit tools such as Teammate will be an added advantage
• Must demonstrate detailed knowledge and practical application of ISACA’s IT Standards and code of ethics for IT Auditors.
• Experience in carrying out audits in other areas such as Credit, Operations, Treasury, Finance within a Bank will be an added advantage; In- depth understanding of Bank operating environment and interlink between IT systems and business operations.
• Technical knowledge in information systems (Particularly Networks, Databases, operating systems and general computer applications); Ability to link technical IT gaps to possible benefits to the Bank.
• Detailed knowledge of information systems governance and security principles and practice e.g. ISO 27001, CIS Controls, NIST CSF, COBIT amongst others.

Key Responsibilities:

• Implementation of Market & Liquidity risk aspects of the Risk Management Framework and Market and Liquidity risk management strategy.
• Establish, maintain and review risk management policies and governance guidelines that will operate across all ALM risks.
• Define and revise risk appetites for Market and Liquidity Risks.
• Support the Mark to Market (MTM) and valuation processes by ensuring that the MTM sources are updated and reflective of market rates/prices.
• Establish and continuously enhance market risk measurement systems including valuation models, Value at Risk (VaR), sensitivities and stress testing.
• Conduct stress tests for Liquidity and Market risks and provide actionable recommendations from the stress tests conducted.
• Independent monitoring and oversight of the exposure limits, stop loss limits, VaR limits, counter party limits, rate tolerance limits and trader limits.
• Ensure compliance of Treasury’s trading activities with internal policies, regulatory guidelines and market best practices and action exceptions related to trading losses, breaches of risk limits and other Bank policies and guidelines.
• Participate in the market risk capital requirements calculation process under current regulatory frameworks.
• Ensure the bank’s compliance with Risk Management Guidelines on Market and Liquidity Risk and any other emerging regulatory requirements.
• Update the CRO or any existing or emerging significant risk exposures.
• Assist in the preparation of the Internal Capital Adequacy Assessment Process (ICAAP) report.
• Prepare market and liquidity risk reports for the Asset and Liability Committee (ALCO) and the Board Committee on Risk Management.
• Attend Treasury, ALCO and other Risk Committee Meetings as may be required.
• Follow up on issues raised in ALCO with the relevant business units to ensure resolution and provide feedback to the committee.
• Undertaking treasury middle office roles.
• Assess the risk profile of new products within the trading and investment books.
• Respond to ad hoc requests from the business, risk management or regulators.
• Assist the Chief Risk Officer in management of other risks as may be requested from time to time.
• Other official duties as assigned by the Chief Risk Officer.

The Person:

• The ideal candidate must possess the following:

Qualifications

• University degree or its equivalent in a quantitative discipline
• Professional certification (CPA, ACCA, FRM, and CFA) is an added advantage
• Minimum 4 years of relevant experience in market risk management or related field.
• Able to work with data to derive insightful reports and make recommendations
• Understanding of prudential and risk management guidelines relating to market risk

Key Competencies and Attributes

Interpersonal:

• Excellent communication and negotiation skills, with experience in developing and presenting recommendations to management.
• Commercial awareness
• Solution oriented
• Excellent interpersonal skills
• Must be a critical thinker and detail oriented
• Advanced knowledge and understanding of current local and global macro-economic conditions and dynamics
• Strong knowledge of Capital Market activities and main instruments
• Good understanding of Market Risk concepts and metrics (VaR, EVE/NII, scenario analysis, risk sensitivities, etc.), and governance frameworks.
• Strong analytical capabilities and problem solving skills to interpret data and draw conclusions.
• Ability to manipulate, analyze, summarize and present data/results
• Proficiency in Excel to maintain, improve and develop reporting tools
• SQL and Excel VBA programming skills is a plus

Key Responsibilities:

• Support in the implementation and continuous improvement of Family Bank’s cybersecurity program and policy.
• Gather, analyze and maintain a current enterprise-wide knowledge base of the Bank’s users, devices, applications and their relationships.
• Support in the design of adequate cybersecurity controls to mitigate against inherent to the Family Bank IT estate including customers.
• Gather cybersecurity intelligence through relationships within the Bank and also through industry benchmarking to facilitate timely updating of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
• Support in entrenching and reinforcing of bank-wide cybersecurity awareness culture.
• Regularly update the Bank’s network architecture and data flow diagrams based on changes made by ICT.
• Regularly review and ensure all servers, routers, switches, firewalls and user PCs are up to date with the latest patches, antivirus.
• On a regular basis carry out penetration tests and vulnerability assessments to ensure IT systems are secure and report on significant trends and vulnerabilities.
• Champion resolution of issues raised on ICT audits, control self-assessments, project and reputational risk.
• Collaborate with projects team to actively participate in IT change projects with an aim of designing cybersecurity controls.
• Assist to conduct root cause analysis on noted incidents to ensure no repeat instances arise.
• Continuously test disaster recovery and Business Continuity Plans (BCP) arrangements to ensure that the institution can continue to function and meet its regulatory obligations in the event of an unforeseen attack through cyber-crime.
• Assist to detect, report, respond, contain and mitigate incidents that impair adequate data and infrastructure security.
• Assist to constantly assist to update the security systems to deal with new threats. This involves staying abreast of technology news, researching new antivirus technology and new safety protocols.
• Incorporate the utilization of scenario analysis to consider a material cyber-attack, mitigating actions, and identify potential control gaps.
• Carry out cybersecurity risk assessments for new products and IT projects in the Bank and follow through to ensure that appropriate mitigating controls have been put in place.
• Prepare weekly cybersecurity posture reports to management.
• Immediately report to the management on detected ICT and Information Security incidents
• Follow up for closure of audit issues raised and aversion of repeat incidences.
• Ensure the bank’s compliance with data protection act of 2019 and prudential guidelines on cybersecurity and any other existing or emerging regulatory requirements.
• Attend departmental meetings as may be required.
• Assist in the evaluation and recommendation for tools and solutions that provide security functions.
• Identify and report potential and actual Money Laundering Risk, including suspicious transactions in accordance with the laid down AML/CFT policies & procedures.
• Carry out other official duties as assigned by the Management.

The Person:

• The ideal candidate must possess the following:

Qualifications

• A Bachelor’s degree holder in Computer science, IT or related field.
• At least 3-years’ experience in a financial institution; or a certificate in banking operations.
• At least 3-years’ experience in working in a similar position.
• Professional information security certification: CISM/CISSP or Network certification: CCNA, CCNP.
• A good understanding of the relevant legislative requirements especially the Banking Act and Central Bank of Kenya (CBK) prudential guidelines

Key Competencies and Attributes

Interpersonal:

• High level of integrity.
• Strong analytical capabilities and problem solving skills to interpret data and draw conclusions.
• Self-driven and willingness to work odd hours.
• Excellent project management and planning skills.
• Able to work with data to derive insightful reports and make recommendations
• Solution oriented.
• Strong people, communications and negotiation skills
• Self-starter, passionate and instrumental in ideas generation and execution
• Ability to train, motivate and develop staf