Chief Information Security Officer & Data Protection Officer Job at Family Bank Limited


Description:

Family Bank Limited, commonly known as Family Bank, is a commercial bank in Kenya, the largest economy in the East African Community. It is licensed by the Central Bank of Kenya, the central bank and the national banking regulator.

Responsibilities:

  • Act as the primary point of contact within the bank for members of staff, regulators and any relevant public bodies on issues related to data protection and cybersecurity.
  • Conduct regular and comprehensive cybersecurity and data protection assessments that consider people (i.e. employees, customers, outsourcing and other external parties), processes, projects, change, data and technology across all the Bank’s business lines and locations.
  • Maintain and oversee policies, processes and control techniques to address all applicable cybersecurity and data protection risks.
  • Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.
  • Assist CRO in overseeing and implementing the institution’s cybersecurity and data protection program and enforcing the related policies.
  • Use scenario analysis to consider a material cyber-attack or litigation against the bank.
  • Ensure frequent data backups of critical IT systems (e.g. real-time backup of changes made to critical data) are carried out to a separate storage location.
  • Regularly review and ensure all servers, routers, switches, firewalls and user PCs are up to date with the latest patches and antivirus, and that all unnecessary services and applications are disabled or uninstalled.
  • Review privileged user access and activities in line with the privileged access management standard. Sensitize users on the use of strong passwords on all systems.
  • Ensure quarterly review of system user accounts.
  • Conduct project cybersecurity and data protection assessments.
  • Continuously test disaster recovery and Business Continuity Plan (BCP) arrangements to the extent of cybersecurity and data protection.
  • All material cybersecurity events that affected the institution during the period.
  • Report to CBK on a quarterly basis the occurrence and handling of cybersecurity incidents.
  • Report to the Data Commissioner as guided by the data protection regulations.
  • Immediately report to the Board, CEO, CSIRT and CRO on detected ICT and Information Security critical incidents.

Qualifications:

  • A Bachelor’s degree in an IT-related field.
  • Minimum 10 years’ experience in cybersecurity management, preferably within the financial sector.
  • In-depth understanding of the Data Protection Act of 2019 and the European data protection laws (GDPR).
  • Professional information security certification: CISM/CISA/CISSP or Network certification: CCNA, CCNP.
  • Certificate in Data Protection.
  • A good understanding of the relevant legislative requirements especially the Banking Act and Central Bank of Kenya (CBK) prudential guidelines.
  • Strong background in information technology with a clear understanding of the challenges of information security.

How to Apply

Submit your CV, copies of relevant documents and application to [email protected].

Use the title of the position as the subject of the email.

Application Deadline: 29th January 2022.
