Senior Manager, Security Governance

ABOUT THE COMPANY

Equity Bank Kenya Limited, is a financial services provider headquartered in Nairobi, Kenya. It is licensed as a commercial bank, by the Central Bank of Kenya, the central bank and national banking regulator.

JOB SUMMARY

Minimum Requirements:Education:Minimum of 3 years tertiary qualification (degree/ national diploma) pr equivalent in Information TechnologySecurity certification e.g. CISSP & CISM essentialOther qualifications (ITIL, TMF, COBIT) advantageFluent in EnglishExperience: Min of 6 years in IT, 2 of which as an Information Security Senior Specialist or Manager in a large enterprise environment essentialExperience in Banking or Telco industry advantageous Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network Must have a wide breadth of knowledge and experience across security products, tools, and industry trendsKnowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessmentsAbility to interact with a broad cross-section of personnel to explain and enforce security measuresAbility to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential mattersExpert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)Excellent written and verbal communication skills as well as business acumen and a commercial outlookGood analytic and problem-solving skillsAbility to work under pressure, as well as the ability to take independent initiative when needed.

RESPONSIBILITIES

Technical Excellence:Provide assurance that Equity Group's assets are effectively managed and monitored to meet Equity security requirements - first-line management assurance.Analize known and emerging threats to determine risks against Equity assets.Review and document Information Security Policies, Processes and Procedures and meet governance in terms of legislative and audit requirements and provide consultation to business with regard to this.Identification and management of information security risks within Equity by identifying, defining and maintaining the information security policy and functional standards for the organisation.Create and continuously review security governing principles to guide information, technology, and solution decision making for EquityDevelop Group's Critical Controls and Compliance universe, and drive the implementation of control mechanisms, which enable Information Security function to effectively manage the true status of information security within Equity.Report on mitigating actions required to correct or remedy actions where necessary and inform IT Teams and relevant Business units of any significant changes and risk situations.Consult to projects in terms of identifying risks, vulnerabilities and controls.Perform first-line Security Assessments on internal environments and 3rd party environments, with the purpose of identifying shortcomings which risk to Equity and drive remedial actions. Coordinate reporting and action plans in the event that a security incident does occurConduct monthly security service/ posture reviews across the environment and present reports to the relevant subsidiaries, business units and governance committees. Represent Information Security in the relevant business areas in Equity as well as various IT/ risk or Security committees and forums within Equity. Provide on-going subject matter expert level consultation to Equity project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.Ensure optimal performance of the security services and identify control efficiencies in how security is operated across all security domains.Track and drive implementation of Technical Security Standards across the technology platforms.Review and track all risk accepted and exception items and assist to build and manage the security compliance universe. Consult to projects (Business and Technology) in terms of identifying risks and specific vulnerabilities and controls for new implementations.Operational Delivery:Perform first-line management assurance on technical controls to minimise audit impact and risk exposureModel threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack Equity systems.Work closely with the Technology teams to identify and select the right security controls to protect Equity's network & IT infrastructure, cloud and IoT solutions: define functional and non-functional security requirements and criteria to conduct technology evaluation and selection.Manage and run governance for Group Information Security function and drive the implementation of security governance and ensure adherence to it.Foster a security-conscious culture within Equity IT, Operational and Business teams.Collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related control break-downs in the environmentSupport Enterprise Risk Management in security related issues and investigationsConduct Research and develop/ maintain policies to ensure they cater for new threats and technologies.Develop, monitor and measure the deployment of security standardsEnsure procurement practices adhere to security protocols and security is embedded into the procurement process consistently.Work with internal stakeholders to define action plans to close or mitigate security findings of auditorsProactively test for security related issues and propose remedial plans.Manage security deliverables for programmes related to Privacy legislation across the markets within which Equity operates.Drive implementation and tracking of Critical Controls.Report on any residual risk, and other security exposures against the proposed security standards and policies including misuse of information assets and non-compliance.Measure and report on the effectiveness of Information Security management and control activities to appropriate governance committees. Report at risk and audit committees and manage the actionable outcomes related to security.Tactical planning:Manage and develop the capability of the team to deliver security services needs of Equity Group.Partner with business leaders and peer-level managers to assess the technological cost and impact of recommended changes, help clarify priorities, and coordinate cross-organizational/ subsidiary consortia where common needs have been identified.Assess risks and the effects of specific requirements on other subsidiaries business processes and system priorities to ensure security services are aligned with business strategic objectives.Identify high risk/priority security areas for improvementWork closely with Finance teams in Group and Subs to ensure budgets and cost recovery procedures are in place and working effectivelyBuild a strong relationship with Subsidiary leadership to ensure deliveryManagerial / Supervisory ResponsibilitiesSupervisory / Leadership / Managerial Complexity: Recruit, develop and retain people with outstanding skills, qualifications and potential.Performance management and identification of training needs.Accountable for a customer-centric culture and shift to legendary service provision.Employee relations and collaborative teamwork.Coaching and guidance of subordinates.Build professionalism, loyalty and commitment to the organization.Communicate actively and effectively resolving any potential conflicts that may arise.Living the Equity Brand – changing and influence employees' behaviour.Clarify roles within the team to enhance collaboration and resultsReward practices conducive to building individuals and team confidenceOptimal human resource allocation / redeployment in line with strategic objectivesManage conflict proactively and monitor disciplinary and grievance actions and trendsTrain, motivate & develop resourcesThe role requires management and supervision of the activities of a number of Team members across the Group and subsidiary functions IT & Operations who need to implement and remediate required controls. Creativities (improvement/innovation inherent): Measures to be implemented to improve security across Technology environmentsMeasures to be implemented to improve operational efficiency and effectiveness in the Operating environmentInfluence management decision making in security related aspectsPro-activeChampion of quality and doing things right the first timeSharing of knowledge and security skillsRole Complexity: Matrix management for security planningManagement of security control environment across at least 13 domains in all the Technology functions and in atleast 7 markets OF Equity GroupManagement commitmentBudgets/ Financial Input:Assist with management of Security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the yearManage project initiative budgets in line with business objectivesDrive initiatives that will ensure that the "cost of operations" are reduced, in line with a least cost operating strategy stemming from the business driversAssist with contract negotiations and driving to conclusion

REQUIRED SKILLS

Application programming interfaces (API), Relational databases (SQL), Negotiation, Problem solving

REQUIRED EDUCATION

Bachelor's degree