The primary goal of this role is to ensure continuous, independent assurance of the bank’s Information Security. This includes maintaining the confidentiality, integrity, and availability of the IT infrastructure, processing systems, and associated resources, in alignment with the Bank’s Information Security Policy.
- Guarantee the confidentiality, integrity, and availability of data on enterprise workstations, servers, and other systems, including data in databases and repositories.
- Secure all system interfaces against intrusion and maintain detailed logs of user activities, ensuring traceability.
- Conduct regular vulnerability assessments and penetration tests on bank systems, identifying vulnerabilities and recommending actions to address them.
- Analyze data from user and network monitoring to verify the legitimacy of high-priority activities.
- Actively review logs, audit trails, and data from applications, servers, databases, and networks, providing analysis and reports.
- Analyze departmental self-assessment reports on system controls to support focused controls.
- Offer proactive guidance on tools necessary for effective bank systems management and control.
- Provide forensic data to investigators and analysts as needed.
- Assess user-logged issues and identify trends related to systems security management.
- Lead efforts to enhance information security awareness among different bank staff and stakeholders.
- Provide security advice during technology projects, system deployments, upgrades, and changes.
- Continuously evaluate systems at various levels (servers, applications, databases, network devices) to identify risks and recommend risk mitigation.
- Manage external parties’ access to bank infrastructure and systems, incorporating detective measures for intrusion detection.
- Safeguard the bank’s LAN/WAN network infrastructure from intrusion.
- Establish and uphold the Bank’s Business Continuity Plan and Disaster Recovery Plan.
- Lead a compliance program to meet legal obligations and business objectives by prioritizing initiatives and evaluating current and future technologies.
- Develop and enforce security documents (policies, standards, baselines, guidelines, procedures).
- Ensure effective patch management, version control, and virus protection.
- Take proactive steps to mitigate identified risks and address potential threats promptly.
- Bachelor of Science degree in Computer Science, Information Technology/Systems, or a related field.
- At least three (3) years of experience in IT, including a minimum of one (1) year in IT Security.
- Familiarity with IT security, preferably within financial institutions.
Skills & Competencies
- Proficiency in using specialized tools and software to analyze, detect, investigate, and report vulnerabilities and threats.
- Knowledge and experience with relevant IT products such as SIEMs, DAMs/WAFs, Antivirus, Firewalls, and Patch Management.
- Meticulous attention to detail with a time-sensitive approach.
- Ability to perform under pressure in a competitive environment.
- Relevant professional certifications.
To apply for this job please visit sidianbank.co.ke.