KEY RESPONSIBILITIES:
Design, implement, and maintain data security controls such as data classification, labelling, encryption, and data loss prevention (DLP), across systems, applications, and cloud platforms.
Develop and maintain data security policies, standards, procedures and Minimum-Security Configuration Baseline Standards in line with industry best practices and regulatory requirements.
Ensure compliance with applicable regulations and frameworks (e.g., Kenya Data Protection Act, ISO 27001, GDPR, and/or other relevant standards).
Collaborate with the Cybersecurity Intelligence and Security Operations Centre (CISOC) in the continuous monitoring and defense of the Bank's infrastructure against cybersecurity threat.
Support secure adoption of new technologies, applications, and platforms to ensure cybersecurity requirements are met before introduction to production environments.
Lead the end-to-end vulnerability management lifecycle for databases and datastores by executing assessments across cloud and on-premises infrastructure, performing risk-based prioritization, and collaborating with cross-functional teams to remediate and continuously report on compliance.
Support cybersecurity risk assessments and remediation by leveraging technical knowledge to remediate gaps identified by assurance teams such as Information Risk and Audit teams.
Support internal and external audits related to data security and privacy.
Continuous research and provide technical expertise across the different business and technical functions, conduct data security awareness and user training sessions across the group.
MINIMUM POSITION QUALIFICATION REQUIREMENTS:
Academic & Professional
Education
Bachelor's Degree
BSc. IT / Computer Science or related field RQ
Professional Qualifications
Security certification such as
SC-401: Information Protection Administrator Associate CISA: Certified Information Systems Auditor.
CISM: Certified Information Security Manager
CISSP: Certified Information Systems Security Professional
SSCP: Systems Security Certified Practitioner.
CompTIA Security+
ISO27001
OSCP: Offensive Security Certified Professional. ETC
At least one RQ
Certified Information Privacy Professional (CIPP)
SC-900: Microsoft Security, Compliance, and Identity Fundamentals, CyberOps Professional, Certified Ethical Hacker (CEH) AA
Oracle Database certifications in either OCP/ Oracle Database Security
Microsoft Database certifications such as MCDBA AA
Master's degree MBA / MSc AA
Experience
Detail Minimum No of Years Need Type
Experience in Cyber Security 2 ES