The Cyber Assurance Analyst will be responsible for conducting security reviews on new and existing systems, products and services in compliance with the Sidian Bank Limited security policies and industry best practices such as ISO27001, CIS, PCI DSS among others. They will also be responsible for providing timely security assurance reports and advice to the business when required even with very tight timelines.
The role will lead and coordinate all cyber security assurance activities in Sidian Bank Limited. They will manage external penetration testing activities periodically for key systems.
KEY ACCOUNTABILITIES (DUTIES AND RESPONSIBILITIES)
- Conducting Security Reviews for new and existing Sidian Bank Business systems (40%): Perform security assessment on new and existing systems to identify cyber risks and ensure the necessary controls are in place.
- DevSecOps Implementation (20%): Drive the culture of implementing built-in security controls end to end in the software development lifecycle and automate the security testing processes.
- Research (20%): Stay up to date with new trends in technology and cyber by continuously researching on emerging technologies and threats to ensure necessary controls are in place.
- Leadership (20%): Manage and coordinate cyber assurance initiatives by both internal and external cyber security teams. Define and report on key cyber metrics to senior management to measure return on investment in cyber.
Main Activities
- Perform design reviews and provide cyber security input to ensure the necessary security controls are included from the beginning of new projects.
- Perform threat modelling for all Sidian Bank Limited Business systems to ensure threats are identified and mitigated.
- Perform vulnerability assessments and penetration testing across all Sidian Bank Limited Business systems.
- Perform compliance hardening reviews for the Sidian Bank Limited Business systems.
- Provide timely and quality security assurance reports to the business.
- Do regular follow ups with system custodians to ensure identified risks are addressed within the agreed timelines.
- Implement cyber assurance testing tools within the CI/CD pipeline to automate security testing.
- Research on new technologies, threats and vulnerabilities to inform the necessary security controls and investments in cyber.
- Continuously review and improve cyber processes to ensure efficient support to the agile process of software development.
Technical Competencies
- Demonstrate competency in the use and administration of ethical hacking tools e.g. Kali Linux, Metasploit, Nexpose, Nessus, Nmap, Burp Suite etc.
- Hands-on experience in software development with major languages (Java, C++, C#) and practical experience using relational databases (RDBMS) e.g. Oracle and MS SQL etc.
- Working knowledge of Cloud technologies in at least one of the following: AWS, Azure, Google and Huawei.
- Working knowledge and experience in DevSecOps technologies and practices e.g. Agile, Jenkins, Jira, GitHub, GitLab etc. will be an added advantage
- Excellent analytical, problem solving and reporting skills
- A good knowledge of the systems and processes within Financial Services industry.
- Experience in leading teams of security analysts will be an added advantage
Behavioural Competencies
- Relate easily and naturally with executives, business managers, technical teams and customers. Has excellent listening skills and understands the desires and challenges of all our leaders and customers.
- Ability to form trusted relationships with technical teams and customers
- Possess broad knowledge of business and have an interest in market trends. Have intricate knowledge of our business: its vision, mission, strategy, values and how it operates.
- Clearly communicate and share the planned cyber initiatives, reports, and risks with executives, business leaders, and stakeholders across the organization – in a manner that leaves them all touched, moved and inspired.
- Passionate about innovation. Loves technology and possesses both a deep and broad understanding of the technology market and cutting-edge technology and Cyber trends.
- Continuously listen to our stakeholders’ feedback and come up with new architectures and enhance existing ones to leverage these cutting-edge technologies.
- Self-motivated and self-managing.
- Have a material impact in attracting new customers, delighting existing customers, increasing our market share and enhancing our organization’s efficiency and profits.
The delivery model is organized around delighting our customers, increasing our profitability, and increasing the business’s efficiency.
Risk & Compliance:
- Attend training and maintain knowledge of and comply with all bank policies and procedures including Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules and regulations.
- Participate or undertake Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing bank programs on a regular basis e.g. taking attestations, self-assessment tests, filling in compliance questionnaires as required.
- Comply and not to knowingly participate or assist in any violation of Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or internal policies, procedure and guidelines.
- Report suspected money laundering cases to their respective heads of units or to the Money Laundering Reporting Officer immediately, as soon as such incidents occur, with a clear basis of suspicion.
- Avoid Misrepresentation and Malicious Reporting – knowingly making a false, fictitious or fraudulent representation e.g. statement, report, document.
- Avoid Tipping Off customers being investigated so as not to knowingly prejudice an investigation by disclosing information.
- Not provide advice or other assistance to individuals who attempt to violate or avoid Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or corporate policies.
- Respond to all AML/CFT/CPF queries when requested by the Compliance Unit to allow the bank to comply with the requirements of The Anti-Money Laundering and Combating Financing of Terrorism Amendment Act.
- Co-operate fully with regulators and law enforcement agents and make available required documents and information.
DECISION MAKING AUTHORITY
- Operational – Solution Design dependent on CRs/BRDs assigned
- Strategic – Solution structuring to ensure ease of implementing future enhancements
ACADEMIC BACKGROUND
- A Bachelor’s degree in Computer Science, Information Technology or related field.
- Information security certifications e.g. CEH/CISSP/CISM/GIAC/CPTP/OSCP
WORK EXPERIENCE
- Minimum of 3 years’ working experience in Information Systems Security – e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, ICT Audits, Pre-and-Post Implementation System Reviews
- Minimum of 2 years’ working experience in Networking and Operating Systems e.g. Cisco, Huawei, Windows (All) and Linux.
SKILLS & COMPETENCIES
- Ability to use specialized tools and software to analyse, detect, investigate and report on various vulnerabilities and threats
- Knowledge and experience with several relevant IT products e.g. SIEMs, DAMs/WAFs, Antivirus, Firewalls & Patch Management
- Awareness and exposure in IT security with experience working in financial institutions.
- Keen attention to detail with a time-conscious approach.
- Ability to work under pressure in a competitive environment
PROFESSIONAL CERTIFICATION
- ITIL Foundation
- Possess at least one security certification such as CEH (Certified Ethical Hacker); SSCP (Systems Security Certified Practitioner); OSCP (Offensive Security Certified Professional); CompTIA Security+
JOB PURPOSE
The job holder will be responsible for supporting the implementation and enforcement of the bank’s Operational Risk Management frameworks and best practices within the Bank.
KEY RESPONSIBILITIES
- Strategic Risk Management
- Operational Excellence & Quality Assurance
- AML, CPF, CFT and KYC Monitoring
- Reconciliation and Settlements
- Archival and Records Management
- Personal Leadership & Management
- Team Leadership & Management
- Risk & Compliance
MAIN ACTIVITIES
Strategic Risk Management
- Support the implementation and embedding of the Operational Risk Policy and processes for defining, assessing, measuring, monitoring and reporting operational risks for the various business and support areas;
- Effectively engage with the appropriate Bank internal partners (e.g. Compliance, Risk and Audit functions) for advisory support such as clarification on regulatory requirements and bank policy, and, for exploring any necessary alignments and policy/process adjustments related to product design and development.
Operational Excellence & Quality Assurance
- Maintain and monitor an Operational Loss Database to monitor operational losses and their respective root causes;
- Work with other second line of defense functions in the identification, analysis and assessment of key operational risks as relevant for individual business lines/departments;
- Participate in various business projects and contribute to their success as may be assigned by the supervisor and play an active guidance role on Operational Risk matters in products, projects or developments;
- Advising and guiding Branch operational staff on passing entries meant to effect reversals and corrections under their jurisdictions;
- Continuous Process Improvements and Efficiency in Operations: Responsible for the delivery of day-to-day support, working with other stakeholders to provide technology solutions, process improvement efforts, and standardization across the organization;
- Business process reengineering to ensure process automation of most manual activities to achieve efficiency, and also process industrialization – process simplification, process quality, process sharing across channels and products.
AML, CPF, CFT and KYC Compliance Monitoring
- Follow up on new accounts with incomplete documents, in line with the AML Act;
- Daily review of large transactions (above 700,000 KES per client per day), PESALINK transfers (above 700,000 KES per client per day), internal transfers and in-house cheques (above 700,000 KES per client per day), and walk-in transactions for forex, MTS, bankers’ cheques and MPESA;
- Ensure large cash forms are uploaded to the folder for all large cash transactions where necessary, and ensure the forms filled in are fully executed;
- Daily review of transactions above USD 10,000 to identify source and destination of funds and supporting documents provided at the branch level;
- Carry out annual KYC Review/EDD requests for all noted high-risk customers;
- Ensure KYC Review/EDD request for all noted high-risk customers during transaction monitoring and a monthly review for all new high-risk customers;
- Confirm accurate capturing of data sets to allow CTR reporting;
- Review and report late authorizations of transactions;
- Review daily reports on single or cumulative high-value transactions per customer per day, inflows into Msingi accounts, newly opened savings accounts and dormant accounts;
- Weekly Reporting on accuracy and completeness of data captured and KYC documents review;
- In case of a noted exception or discrepancy in any of the reviewed transactions, immediately query the branches with Enterprise Risk Management in copy;
- Raise any omissions as non-compliance on branch control rating tool;
- Escalate noted suspicious transactions/activities to the compliance team on a timely basis to enable the bank to comply with the two-day requirement for reporting a suspicious transaction;
- Weekly risk rating review and attestation for both Core banking and the AML System.
Personal Leadership & Development:
- Manage self: Show drive and motivation, an ability to self-reflect and a commitment to learning;
- Communicate effectively: communicate clearly, actively listen to others, and respond with understanding and respect;
- Commit to Customer Service: provide customer-focused services in line with banking sector and organizational objectives – adhere to the bank customer service charter and ensure personal accountability so as to meet the laid-down Service Level Agreements (SLA) and work within the stipulated Turn Around Time (TAT);
- Work Collaboratively: collaborate with others and value their contribution;
- Deliver Results: achieve results through the efficient use of resources and a commitment to quality outcomes;
- Think and solve problems: analyze and consider the broader context to develop practical;
- Keeping abreast with staff communications, attending staff meetings – morning huddles and weekly progress meetings;
- Responsible for own career within the bank and preparing an annual Personal Development Plan (PDP) and ensuring its actualization;
- Adherence to the bank’s policies and procedures, dress code, code of conduct, HR policies and procedures, and following the laid-down grievance and disciplinary procedure to ensure a conducive work environment;
- Closure of identified deficiencies from concluded audits, correction within stipulated timelines, and ensure no repeat findings;
- Live the brand values as a Sidian Bank brand ambassador and always project the right image of the bank to both staff and customers.
Risk & Compliance
- Attend training and maintain knowledge of and comply with all bank policies and procedures including Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules and regulations.
- Participate or undertake Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing bank programs on a regular basis e.g. taking attestations, self-assessment tests, filling in compliance questionnaires as required.
- Comply and not to knowingly participate or assist in any violation of Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or internal policies, procedure and guidelines.
- Report suspected money laundering cases to their respective heads of units or to the Money Laundering Reporting Officer immediately, as soon as such incidents occur, with a clear basis of suspicion.
- Avoid Misrepresentation and Malicious Reporting – knowingly making a false, fictitious or fraudulent representation e.g. statement, report, document.
- Avoid Tipping Off customers being investigated so as not to knowingly prejudice an investigation by disclosing information.
- Not provide advice or other assistance to individuals who attempt to violate or avoid Anti Money Laundering/Countering Financing of Terrorism/Countering Proliferation Financing laws, rules, regulations or corporate policies.
- Respond to all AML/CFT/CPF queries when requested by the Compliance Unit to allow the bank to comply with the requirements of The Anti-Money Laundering and Combating Financing of Terrorism Amendment Act.
- Co-operate fully with regulators and law enforcement agents and make available required documents and information.
ACADEMIC BACKGROUND
- University degree: Bachelor of Commerce (Finance or Accounting) or other relevant business degree.
- Master’s degree will be an added advantage.
WORK EXPERIENCE
- At least eight (4) years’ experience in a banking environment, with a track record of success, with at least 2 years in a Shared Services function.
SKILLS & COMPETENCIES
- Excellent and demonstrated leadership capacity including possession of strategic development, monitoring, execution and reporting skills (Have a strategic outlook).
- Practical experience in use of relevant MS office applications, especially Excel, Word and PowerPoint.
- Extensive knowledge of Banking theory and practice, Central Bank’s Prudential Guidelines, FATCA, POCAMLA, POTCA and related procedures.
- Possess good knowledge of banking products and services and also a wider understanding of the general banking universe/Industry.
- Strong negotiation and interpersonal skills and ability to motivate, coach and mentor staff.
- Good communication and engagement skills.
PROFESSIONAL CERTIFICATION
- Professional Banking qualification (AKIB) is an added advantage.