Purpose:

The Manager, Technology Risk is responsible for overseeing the bank’s technology risk management framework, ensuring that risks related to IT infrastructure, cybersecurity, data protection, and digital transformation initiatives are effectively managed. This role works closely with IT, cybersecurity, and risk management teams to identify, assess, monitor, and mitigate technology-related risks while ensuring compliance with regulatory requirements and best practices. 

Key Responsibilities

Technology Risk Framework Implementation 

• Develop, implement, and maintain the bank’s Technology Risk Management Framework in alignment with regulatory requirements and industry standards (e.g., NIST, ISO 27001, COBIT, Basel). 
• Ensure technology risk policies, procedures, and controls are effectively embedded across all business units. 

Risk Identification, Assessment & Mitigation 

• Conduct technology risk assessments, including IT control testing, risk control self-assessments (RCSA), and scenario analysis. 
• Identify emerging risks related to cybersecurity threats, third-party IT risks, cloud computing, AI, and digital banking platforms. 
• Implement risk mitigation measures to strengthen IT security and resilience. 

Cybersecurity & Data Protection Oversight 

• Work closely with the Information Security and IT teams to assess cyber threats, vulnerabilities, and incident response strategies. 
• Ensure compliance with data protection laws (e.g., GDPR, Kenya Data Protection Act) and regulatory requirements. 
• Monitor cybersecurity incidents and oversee remediation efforts. 

Third-Party & Vendor Risk Management 

• Assess technology risks associated with third-party vendors, cloud service providers, and IT outsourcing arrangements.
• Conduct due diligence and continuous monitoring of critical IT service providers.

Regulatory Compliance & Audit Coordination 

•  Ensure adherence to local and international regulatory requirements, including CBK ICT Risk Guidelines, Basel III, and ISO standards. 
•  Act as the liaison between IT, internal audit, and external regulatory bodies during technology risk audits. 
•  Address and close audit findings related to IT risk. 

Business Continuity & Incident Management 

• Support IT Disaster Recovery (DR) and Business Continuity Planning (BCP) initiatives. 
• Coordinate technology risk incident response efforts and ensure timely reporting of critical IT disruptions. 

Technology Risk Reporting & Governance 

• Develop and present technology risk reports, dashboards, and key risk indicators (KRIs) to senior management, the Risk Committee, and Board-level governance forums. 
• Track and monitor IT risk remediation plans, ensuring timely resolution of identified risks. 

Training & Awareness 

• Conduct technology risk awareness training for business units to promote a risk-aware culture. 
• Support risk management capacity-building initiatives for IT and business teams. 

Qualifications

Qualifications, Experience

• Education: Bachelor’s degree in computer science, Information Technology, Risk Management, Cybersecurity, or a related field. A master’s degree is an added advantage. 
• Certifications: Professional certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), or ITIL (Information Technology Infrastructure Library) are highly preferred. 
•  Experience: Minimum of 5-7 years of experience in technology risk management, IT security, cybersecurity, or audit in the banking or financial services industry.
• Regulatory Knowledge: Strong understanding of CBK ICT Risk Guidelines, Basel Accords, NIST Cybersecurity Framework, GDPR, Kenya Data Protection Act, and ISO 27001. 

Key Competencies & Skills

• Technology Risk Management – Expertise in IT risk identification, mitigation, and monitoring. 
• Cybersecurity & Information Security – Strong understanding of cyber threats, vulnerability management, and data protection regulations. 
• IT Governance & Compliance – Knowledge of COBIT, ITIL, and regulatory requirements for technology risk management. 
• Incident & Crisis Management – Ability to handle IT incidents, cyber breaches, and business continuity disruptions. 
• Audit & Assurance – Experience in conducting IT risk assessments, internal audits, and regulatory compliance reviews.