Are you a competent and highly motivated person with a career passion in Information Security?
Our ICT Risk and Control Team is looking for a detail-oriented, self-driven, collaborative individual with a passion for integrity to fill the role of ICT Risk Officer.

Reporting to Head – ICT Risk and Control, the role holder will provide continuous independent assurance of the
bank’s Information Security as regards confidentiality, integrity and availability of the IT Systems by ensuring that appropriate security controls are in place to protect the Bank’s assets. The role holder will also ensure that ICT-related risks are managed in compliance to the Bank’s policies, laws, regulatory guidelines and applicable
standards.

**The Role**
Specifically, the successful jobholder will be required to:
– Carry out ICT risk assessments of Co-operative Bank systems and provide recommendations of appropriate and adequate IT security controls to mitigate and minimize ICT Risks.
– Continuously review and improve the ICT controls in place.
– Continuously review systems at all levels i.e. servers, applications, database, network devices etc., identify risks and make recommendations on closure of the risks
– Provide continuous assurance on ICT Risks on the Bank’s systems
– Evaluate ICT controls for all operating systems, applications, database management system interfaces and networks across the Bank to ensure consistency in achieving compliance requirements (regulatory, standards and internal policies).
– Promote Information security awareness within the Bank by providing consultation, guidance and conducting relevant awareness programs to ensure an IS complaint culture.
– Proactively anticipate potential threat and vulnerabilities and provide guidance in coordination with the ICT department on effective responses or control measures to be implemented to mitigate them.
– Manage ICT Risks registers.
– Periodically perform vulnerability assessments & penetration tests on Bank systems and technology, identifying vulnerabilities and recommendations on closure of these vulnerabilities.

**Skills, Competencies and Experience**
The successful candidate will be required to have the following skills and competencies:
– A Bachelor’s degree in Information Technology, Information Security or Business related.
– Relevant IT Security professional qualifications e.g. CISA, CISM, CEH or other relevant security certifications.
– A minimum of 5 years working experience in a similar role in a highly computerized environment.
– Experience in implementing Information Security Standard such as ISO 27001, COBIT.
– Understanding of ICT risk and systems security control processes
– Understanding of Information systems Architecture and operational practices
– Appreciation of Audit Methodologies.
– Experienced in Windows Enterprise servers or UNIX systems.
– Experience of working in the IT function within a banking environment will be an advantage.
– Knowledge of cybersecurity good practices (Identity and Access Management, Data Protection, Penetration Testing etc.)

**How to apply**
If you are confident that you fit the role and person profile and you are keen to add value to your career then please forward your application letter enclosing detailed Curriculum Vitae to jobs@www.co-opbank.co.ke
indicating the job reference number IRO/CEO/2021by 13th October, 2021.