Vacancies at Equity Bank Kenya

Role Brief

The Senior Manager: Product Security Architecture leads the strategic design and governance of security architecture across Commercial, FinTech, and Digital business initiatives. This role ensures secure-by-design principles are embedded throughout the product lifecycle, balancing cybersecurity requirements with business agility to minimize disruption and reduce fraud risks.

The position provides thought leadership, mentorship, and technical oversight, ensuring all products and services align with Equity’s security policies, regulatory standards, and risk management objectives.

Role Responsibilities

Security Architecture & Design:

• Define and translate security requirements into scalable, resilient product architectures for Commercial, FinTech, and Digital platforms.
• Drive early security integration in the SDLC, collaborating with product, engineering, and business teams.
• Lead security design reviews for applications, APIs, networks, and cloud deployments.
• Provide expert remediation guidance and actionable recommendations to technical teams.
• Develop and maintain security standards, patterns, and reference architectures; ensure adoption across teams.
• Advise on cryptographic technologies (PGP, SSH, SSL) and authentication protocols (OIDC, OAuth, SAML, RADIUS, LDAP, Kerberos).
• Champion secure cloud adoption, network hardening, and data protection strategies.
• Serve as technical authority for security-related strategic initiatives.

Strategy, Risk, and Business Alignment:

• Align product security architecture with enterprise cybersecurity strategy and risk appetite.
• Identify fraud and social engineering risks; recommend preventive controls.
• Map security controls to B2B, B2C, and C2C models, ensuring frictionless customer experience.
• Present complex technical risks in business language to senior leadership.
• Influence investment decisions for security technologies and frameworks.

Leadership & Team Management:

• Lead and mentor the security architecture team, fostering continuous learning and innovation.
• Define team objectives, allocate resources, and manage performance.
• Build strong partnerships with CISO office, product owners, and technology leaders.
• Promote a culture of security awareness across business units.

Key Critical Competencies

• Strategic Leadership: Ability to influence executive decisions and drive security transformation.
• Decision-Making: Balances risk, cost, and customer experience.
• Communication: Exceptional ability to simplify technical concepts for business stakeholders.
• Collaboration: Builds trust across diverse teams and geographies.
• Innovation: Anticipates emerging threats and integrates cutting-edge security solutions.

Role Complexity:  

• Document security control for each business service delivery. 
• Understand each business function – Commercial, FinTech and digital initiatives

Budgets/ Financial Input

• Provide knowledge business services and product to the security team. 
• Consolidate and translate business security needs into finical measurable matrix 

Qualifications

• Bachelor’s degree in IT, Network Security, Information Security, Computer Engineering, or related field.
• Professional certifications: CISSP, CISM, SABSA, CEH; PMP is an advantage.
• Minimum 5+ years in security architecture and governance, with 2+ years in leadership roles.
• Strong understanding of financial services, telecom, and FinTech ecosystems.
• Expertise in: Encryption & authentication protocols, Data protection & privacy frameworks, Agile & DevSecOps practices, API security & Open Banking models.
• Familiarity with ISO 27001, PCI-DSS, NIST, and regulatory compliance frameworks.
• Proven ability to develop enterprise security architectures and manage cross-functional teams.

go to method of application »

Role Brief

The Product Security Architect will be responsible for designing and development of security control for the business Commercial, Fintech, and digital initiatives. He/ she will work closely with the various business team to understand the product and services and further recommend security controls for inclusion. The controls should be less business disruptive, enforce cyber control, reduce fraud and is frictionless with business objective. The Product Security Architect ensures existing and new business services and products have adequate security controls and conform to Equity Policies, procedures, and standards.

Role Responsibilities

Architecture:

•  Formulate security specific requirements for business services for Commercial, Fintech, and digital initiatives
• Work closely with all the business teams to design and incorporate security as part of product development
• Work closely with the other domain architects to ensure that security is properly embedded in their respective domain architectures.
• Work independently with developers, system/network administrators, product owners, and other relevant stakeholders to ensure secure design, development, and implementation of applications and networks.
• Ensuring timely and comprehensive threat modelling is conducted for new and existing services from different business units in collaboration with identified stakeholders.
• Perform security design reviews of applications, systems, and networks.
• Provide remediation guidance and recommendations to developers and administrators.
• Define Security best practices and standards, interpreting same to business and product owners.
• Familiarity with common vulnerabilities and attack vectors.
• Advise product and business owners on encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
• Leading and contributing to the security posture of Equity’s networks and systems, data centre infrastructures, cloud architectures and solutions.
• Developing and/or carrying out the strategic direction of security projects to enable execution of the information security strategy

Strategy:

• Excellent understanding of customer transaction flow of commercial and Fintech services.
• In-depth understanding of threat ecosystem, risk identification and profiling, and adaptive controls’ practices.
• Understand B2C, B2B and C2C business models in relation to security controls.
• Ability to simplify analysis and present results clearly at all levels of the business - including at senior management team level

Key Critical Competencies

• Ability to know when to implement solutions with consideration to the wider impacts i.e. risk, cost, customer impact, timescales, etc.
• Excellent negotiation, written and verbal presentation skills.
• Ability to handle high pressure situations with key stakeholders.
• Good Analytical skills, Problem solving and Interpersonal skills.
• Deep knowledge of enterprise application development security controls.
• Some knowledge of Telco convergence, FinTech network traffic consumption

Role Complexity:

• Document security control for each business service delivery.
• Understand Threat Modelling.
• Understand each business function – Commercial, FinTech and digital initiatives

Budgets/ Financial Input

• Provide knowledge of business services and products to the security team
• Consolidate and translate business security needs into finical measurable matrix

Qualifications

• A Degree or its equivalent in Information Technology, Network Security, Enterprise Network Management, Information Security, Management Information System Computing, Engineering or similar area of study.
• Relevant industry certifications in information security programs, and governance as well as PMP will be an added advantage.
• Minimum of 2 years working in information security governance.
• Minimum of 1 year working as a business analyst in technical security and IT (added advantage)
• Good understanding of business models and services in financial, telecom and FinTech domain.
• Good understanding of customer, merchant integration models.
• An excellent team member who is analytical, logical and able to work with other Product team which are dedicated to making Equity products and technologies as secure as possible.
• Experience with creating technical documentation: product documentation, technology, software and systems architecture, and technical whitepapers.
• Working experience with the following concepts: SSL Crypto Solutions, Data Protection and Security, Software Development Methodologies (E.G. Agile), API Gateways, Data Analytics, Artificial Intelligence, Cloud Computing.
• Strong cross-domain and cross-functional knowledge that will enable design of the best possible security technology solutions.
• Has good understanding of the SecureSDLC process and follows the process to effectively develop, design solutions and incorporate threat modelling.
• Ability to function as an individual contributor and mentor/leader detached from the corporate environment.
• Good understanding of Open Application Programming Interface business model.
• Good understanding ISO27001 and PCI-DSS certification. 
• Experience of identifying and managing technology security risk. 
• Up-to-date knowledge of future IP and network security technologies, equipment and their benefits. 
• Widespread knowledge of different IP and network security vendors and solutions, and managed.