KEY RESPONSIBILITIES:
- Design, implement, and maintain data security controls such as data classification, labelling, encryption, and data loss prevention DLP, across systems, applications, and cloud platforms.
- Develop and maintain data security policies, standards, procedures and Minimum-Security Configuration Baseline Standards in line with industry best practices and regulatory requirements.
- Ensure compliance with applicable regulations and frameworks e.g., Kenya Data Protection Act, ISO 27001, GDPR, and/or other relevant standards.
- Collaborate with the Cybersecurity Intelligence and Security Operations Centre CISOC in the continuous monitoring and defense of the Bank’s infrastructure against cybersecurity threat.
- Support secure adoption of new technologies, applications, and platforms to ensure cybersecurity requirements are met before introduction to production environments.
- Lead the end-to-end vulnerability management lifecycle for databases and datastores by executing assessments across cloud and on-premises infrastructure, performing risk-based prioritization, and collaborating with cross-functional teams to remediate and continuously report on compliance.
- Support cybersecurity risk assessments and remediation by leveraging technical knowledge to remediate gaps identified by assurance teams such as Information Risk and Audit teams.
- Support internal and external audits related to data security and privacy.
- Continuous research and provide technical expertise across the different business and technical functions, conduct data security awareness and user training sessions across the group.
MINIMUM POSITION QUALIFICATION REQUIREMENTS
Academic & Professional
- Education Bachelor’s Degree BSc. IT / Computer Science or related field RQ
Professional Qualifications
- Security certification such as
- SC-401: Information Protection Administrator Associate CISA: Certified Information
- CEH: Certified Ethical Hacker;
- CISA: Certified Information Systems Auditor;
- CISM: Certified Information Security Manager
- CISSP: Certified Information Systems Security Professional
- SSCP: Systems Security Certified Practitioner;
- CompTIA Security+
- At least one RQ
- Certified Information Privacy Professional CIPP
- SC-900: Microsoft Security, Compliance, and Identity Fundamentals, CyberOps Professional, Certified Ethical Hacker CEH AA
- Oracle Database certifications in either OCP/ Oracle Database Security
- Microsoft Database certifications such as MCDBA AA
Experience
Detail Minimum No of Years Need Type[1]
- Experience in IT Administration 1 ES
- Experience in Cyber Security 1 ES