Vacancies at Central Bank of Kenya

Job Purpose

• Senior Business Analyst Monitoring and Compliance role is critical in ensuring General Services Department operational integrity and regulatory adherence are contributing positively to its long-term success and reputation.
• The role entails the use of continuous auditing and analytics to identify non-compliant transactions, review metrics and trends, summarize results, potential issues, and opportunities for improvement and participate in remediation activities, action planning and escalate significant issues.
• This is a critical role that bridges business needs and technical implementation, ensuring regulatory compliance and optimal business processes. This role also involves analyzing business processes, identifying compliance gaps, developing solutions to improve efficiency and effectiveness, ultimately contributing to the Bank’s legal and ethical standing. The role will report directly to the senior manager, Compliance and Monitoring within the General Services Department.

Key Duties and Responsibilities

Strategic Responsibilities

• Participating in preparation and implementation of Departmental Strategic Plan.
• Monitor and report on the implementation of the Departmental Strategic Initiatives in support of the wider Bank’s strategic plan.
• Coordinate in preparation and implementation of the Departmental operations manual, policies and procedures.
• Contributes as appropriate to the performance of other functions and to the overall achievement of CBK’s strategic objectives.
• Works effectively as part of the team to deliver on the Key Result Areas and demonstrates competencies of his/her role.

Technical and Operational Responsibilities

• Identify operational risks affecting the Department and take necessary steps to measure, monitor and report accordingly.
• Participate in the Department’s business process, initiating, forums, committee etc., to ensure that operational risk requirements are appropriately considered, executed and reported.
• Clearly document Business requirements, translating them into actionable technical specifications for implementation
• Review and evaluate internal control and propose appropriate recommendation for changes and/or enhancement.
• Promote compliance to operational risk policies.
• Encourage a high level of awareness of operational risk in the Department.
• Carry out a quarterly review and report on all operations and processes across the Department.
• Liaison with the Internal Audit & Risk Department to ensure adherence to all requisite risk policies.
• Ensure daily incidence reporting is done in line with the procedures and guidelines.
• Coordinate training of staff in the department in line with HRD guidelines for PDP, CPD and attachment programs.
• Identify areas that could be improved and propose ways of improving the processes.
• Monitor and report on the implementation of the departmental strategic initiatives in support of the wider Bank’s strategic plan.
• Custodian of all GSD policies, SOP’s and carry out reviews/updates in accordance with the Bank policy.
• Maintain and updated risk register in the department.
• Liaison with the Internal Audit & Risk Department to ensure adherence to all requisite risk policies.
• Review legislation, standards and other relevant guidelines and guide on compliance in the Department.
• Identify areas that could be improved and propose ways of improving the processes.
• Embed risk awareness culture within the Department.
• Carry out a quarterly review and report on all operations and processes across the Department.
• Follow up for resolution of ERP process gaps and embedding of requisite/enhanced system controls.
• Liaison person for training and follow up activities for the Department.
• Participate in the tendering process (Tender Opening, Tender Evaluation and Inspection and Acceptance Committee).
• Any other assignment, duty and/or responsibilities that may be allocated from time to time.

Qualifications

• Bachelor’s Degree in Commerce, Finance, Accounting, Business Administration, B.A/BSC Business/Economics/Mathematics or related discipline from a reputable University.
• Professional qualification(s) in Accounting e.g., CPA, ACCA, KISM Project Management, Monitoring and Evaluation or equivalent
• Compliance and Risk Certifications will be an added advantage.

Work Experience

• At least three (3) years’ experience in Audit, Compliance, Risk management, or Business Analyst role.

go to method of application »

Job Purpose

The role holder will be responsible for carrying out and coordinating Cyber Threat hunting for pro-active detection and prevention of Cyber Breaches in the Banking Sector.

Key Duties and Responsibilities

Technical and Operational Responsibilities

• Perform targeted Vulnerability Assessment and Penetration Testing (VA/PT) to identify flaws on systems and applications of regulated entities.
• Write reports detailing the findings of VA/PT exercises explaining the attack vectors of Cyberattacks.
• Reviewing results of VA/PT exercises before dispatch.
• Providing recommendations on fixing the issues identified during VA/PT exercises.
• Carrying out Open-Source Intelligence (OSINT) collection on Cyber Threat Actors.
• Supporting, liaising and coordinating with other incident response teams in identifying cyber-attack vectors by analyzing raw data and identifying suspicious patterns.
• Incidence Response engagements on regulated entities to ensure recovery and efficiency in incident response management.
• Adhere to VA/PT and incident management policies, best practices and SOP manuals.
• Prepare Cyber Security training/awareness material for the financial sector.
• Maintain records of all Cyber incidents recorded and their status.
• Maintain catalogue of all VA/PT tools and equipment.

Other Responsibilities

• Conduct research on Cyber Threat Actors Tactics, Techniques and Procedures (TTPs)
• Any other duties assigned.

Qualifications

• A Bachelor’s Degree in Information Technology, Computer Engineering, Telecommunications and Information Engineering & Computer Science and/or any related qualification.
• Professional certification(s) in VA/PT (CEH) and Cybersecurity & Information Security (GSEC) and/or Networking (CCNA) or any other related field.
• Practical hands-on experience with enterprise VA/PT tools and software, e.g Nessus, Burp suite, OpenVAS, Nikto and exploit frameworks.
• Active membership in at least one (1) professional body.

Work Experience

• Three (3) years’ experience with at least two (2) years' experience in a cybersecurity and VA/PT analysis environment.

go to method of application »

Job Purpose

The role holder will be responsible for conducting in-depth digital forensic analysis in response to cyber security incidents, gathering indicators of compromise (IOCs) and reporting the findings according to the relevant laws, regulations and best practices.

Key Duties and Responsibilities

Strategic Responsibilities

• Assist in the overall administration and running of the digital forensics and incident response section
• Responsible to the Digital Forensics Manager for efficient incident response, analysis, recovery and reporting.

Technical and Operational Responsibilities

• Team leader during incident response.
• Utilize appropriate computer forensic hardware and software to collect, extract, preserve and analyze digital evidence according to standard operating procedures.
• Conduct on-site forensic analysis/triage previews of windows, Linux, Mac and virtualized systems.
• Apply various tools to perform static and dynamic malware analysis to understand behavior, functionality and impact.
• Conduct Memory forensics to discover malware indicators of compromise.
• Compile forensic reports on findings from digital evidence analysis and provide recommendations for threat mitigation.
• Continuously improve processes and procedures for incident response management and analysis as guided by relevant laws, regulations and best practices.
• Ensure maintenance of digital forensics tools and equipment for operational effectiveness.
• Implement incident management policies and Standard Operating Procedure manual on incident management.
• Ensure reverse compatibility and interoperability of archive media due to disparity in hardware and software versions, media lifespan and file formats.
• Maintenance of laboratory records request for response assistance, devices received, analyzed, dispatched and visitors to the laboratory.
• Maintain a record/log of laboratory tools, equipment, techniques and procedures performance verification and validation testing.
• Stay updated on current trends and advancements in Digital Forensics and Malware research.

Other Responsibilities

• Perform any other duties and responsibilities as may be assigned.

Qualifications

• A Bachelor’s Degree in Computer Science, Information Technology, Digital Forensics and/ or any other related qualification.
• Practical hands-on experience on a broad range of Incident response, Threat Hunting and Digital Forensic Examinations.
• Professional Cyber security certifications; Certified Ethical Hacker CEH, SANs FOR508 or FOR 610, Computer Hacking Forensics Investigator, CHFI or any other equivalent certification.

Work Experience

• Five (5) years’ experience with at least three (3) years in active incident response and Digital Forensics practice.
• Experience in working with high-level programming languages.
• Understanding of debuggers and disassemblers.
• Understanding of memory forensics.
• Understanding of cryptography.
• Understanding of virtual machine forensics.
• Knowledge of anti-forensic techniques and procedures.