Information Risk Manager

Company Details
Industry: Banking
Description: Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya - incorporated with effect from January 1, 2016 - and all KCB's regional units in Uganda,… Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya - incorporated with effect from January 1, 2016 - and all KCB's regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation and all associate companies. The holding company was set up to among other things to enhance the Group's capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group's operating entities and enhance corporate governance across the Group and oversight in management of subsidiaries. View more View less
Job Details
Job Type: Full Time
Workplace Type: On-site
Qualification: Diploma
Job Experience: Mandatory
Job Location: Nairobi County, Kenya
Closing Date: Undisclosed
Salary: KES Unspecified / month
Other Pay: Benefits
Job Category: Telecommunications
Job Description

Information Risk Manager

We are seeking an experienced and proactive Information Risk Manager to lead our information risk management team. In this critical role, you will ensure the security, compliance, and resilience of our banking systems and data. You will guide projects, mentor a team, and drive continuous improvement in risk management practices.

Key Responsibilities

  • Carry out reviews along the various phases of a project’s lifecycle as detailed in the bank’s Project Management framework to ensure that all delivered systems comply.
  • Provide guidance in resolving IS audit findings and lead the development of reports and corrective action plans.
  • Provide guidance for the resumption and recovery of time-sensitive business operations in accordance with pre-established timeframes, and ensure that adequate plans are in place for less time-sensitive business operations.
  • Develop and implement Risk Management Policies, procedures, standards, and guidelines based on best practice benchmarking COBIT, ISO/IEC 27001, NIST, ITIL, and other relevant standards.
  • Review and recommend appropriate security enhancement of our network by evaluating network design and ensuring implementation of effective firewall security policies.
  • Manage incidents and complaints about ICT Services.
  • In liaison with IT, ensure an effective change management process is in place.
  • Review and evaluate system backup and disaster recovery standards for the bank, follow up on implementation, and provide support to ICT Department to ensure quick recovery in the event of a disaster.
  • Review the Business Continuity Programme for effectiveness and completeness and recommend appropriate actions.
  • Review System Security Configurations for effectiveness and recommend appropriate settings.
  • Lead and mentor a team of Information Risk Managers and Analysts, fostering a collaborative and high-performing environment.
  • Conduct comprehensive reviews and provide independent assurance on projects, cybersecurity, and governance initiatives.
  • Offer objective and insightful recommendations to enhance the bank's information systems and ICT infrastructure.
  • Ensure the bank's data and systems are secure and compliant with industry standards and regulations.
  • Stay updated with emerging technologies and trends, identifying potential risks and opportunities for the bank.
  • Collaborate with various departments to understand their information risk needs and provide tailored solutions.
  • Develop and implement risk assessment frameworks and methodologies to identify and mitigate potential risks.
  • Prepare and present risk reports to senior management, offering clear and actionable insights.
  • Build and maintain strong relationships with internal stakeholders and external partners to ensure effective risk management.
  • Stay informed about industry best practices and contribute to the bank's overall risk management strategy.

Qualifications

  • Education: Bachelor’s degree in Computer Science, Information Technology, or a related field. A Master’s degree is preferred.
  • Experience: Minimum of 8 years of experience in information risk management, with a proven track record of leading teams.
  • Certifications: Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) certification is an advantage.
  • Knowledge: Strong knowledge of information security principles, risk assessment methodologies, and industry standards.
  • Leadership: Excellent leadership and mentoring skills, with the ability to inspire and develop a high-performing team.
  • Analytical Skills: Analytical mindset with a problem-solving approach, able to identify risks and propose effective solutions.
  • Communication: Effective communication skills, both written and verbal, to present complex information to diverse audiences.
  • Project Management: Ability to work independently and manage multiple projects simultaneously, ensuring timely delivery.
  • Interpersonal Skills: Strong interpersonal skills to build relationships and collaborate with stakeholders at all levels.
  • Innovation: A proactive and innovative mindset, constantly seeking opportunities to enhance the bank's information risk management practices.
432 open positions on Semasocial right now · 7411 open positions in Nairobi County, Kenya · 52 posted in the last 7 days
Contact Information
CV Job Description Matcher See how well your CV matches this job and get tips to improve your chances AI Tool

This tool helps you see how closely your CV matches a job description. It also gives you simple suggestions on what to improve so you have a better chance of getting shortlisted.

Similar Jobs

Beware of Fraudsters!
Never pay anyone for job applications, interview tests, or job interviews. A genuine employer will never ask you for payment under any circumstances.
Disclaimer & TOS: We do not guarantee the authenticity of every single job posting and are not responsible for any fraudulent activity or misrepresentation by third parties. We are not involved in any stage of the interview or recruitment process and do not charge any fees from job seekers. For further details, please read the rest of the Terms of Service.