ICT Risk Manager at National Bank of Kenya

Job Reference No. NBK/Risk/01/2025

Position Scope:

The role holder will be responsible for supporting the risk identification and management process across all aspects of Information Technology for the Bank, updating the executive management on the results of the risk assessment and making recommendations for mitigations to protect the Bank systems or cover potential financial losses.

Key Responsibilities:

• Develop and implement an ICT Risk Management Framework;
• Conduct system vulnerability tests in line with Bank policies and global standards and report to management on vulnerability and protection against cyber-attacks;
• Identify and assess ICT risks, design mitigation controls and monitor the risks till closure;
• Clearly document and define risks and their potential impact alongside the statistical probability of such an event, and identify systems affected by the defined risk;
• Develop ICT risk management guidelines to be used by all Divisions of the Bank;
• Conduct system penetration testing during various stages of the system development lifecycle to ensure integrity, availability and assurance of the systems and technical processes;
• Perform a review on compliance with ICT security policies across the technology ecosystem;
• Evaluate IT security policy, processes and procedures for completeness and applicability;
• Evaluate IT service management policies, processes and procedures for completeness and applicability;
• Work closely with Business functions to identify risks in products that use digital platforms;
• Conduct fraud assessments on technology platforms in line with the Fraud Risk Management Policy;
• Keep abreast with current advances in all areas of ICT security;
• Continuously evaluate communication security, data vulnerability, business continuity; and examine employee compliance with security controls and deficiencies.

Skills & Experience:

• A Bachelor’s Degree in Computer Science, IT or related field from a recognised University.
• Masters’ degree would be added advantage
• Certified in Risk and Information Systems Control (CRISC) or equivalent preferred.
• 3-5 years of related experience with an emphasis on ICT Risk
• CISA professional certification.
• Membership of IIA/ISACA is preferred.
• Ability to conduct data mining, data analysis and reporting.
• An intermediate understanding of networking concepts.
• Intermediate understanding of security appliances including but not limited to Intrusion
• Detection System (IDS), Intrusion Prevention System (IPS), Firewall, and Security
• Information and Event Management (SIEM) systems
• Analytical, objective and ability to describe complex technical concepts and ideas in non-technical terms
• Understanding of ICT risk management, processes and associated control requirements.
• Innovation; able to keep up with trends of meeting the demands of internal and external customers and controls thereof.
• Collaboration; forms business partnerships that help drive the Bank’s Assurance agenda.
• Good knowledge of Banking laws and regulations
• Analytical thinking capability.
• Report writing and communication skills.
• Stakeholder Management