Manager, IT Security at Commercial International Bank (CIB) Kenya

Job Description

Job Purpose Statement

Reporting to the Head of IT and Projects, the Manager IT Security shall be responsible for the Bank’s Information Technology security program with the main objective of protecting CIBKE’s information systems, network and infrastructure from external and internal threats.

Key Responsibilities

Financial

Budget Planning: Collaborate with the Head of IT and Projects and various stakeholders to plan the IT security budget. This involves estimating the financial resources required to address security needs for the upcoming fiscal year.
Expense Monitoring: Continuously monitor and manage expenses related to security projects and initiatives to ensure they remain within budget. Take corrective actions if there are deviations.
Long-Term Planning: Consider long-term financial planning for security, including multi-year budgets that account for evolving threats and technology.

Customer

Policy Development: Develop, implement, and enforce IT security policies and procedures for internal customers to ensure compliance with security standards and best practices.
Access Control: Manage user access to systems, applications, and data, ensuring internal customers have the appropriate level of access based on roles and responsibilities.
Incident Response: Develop and implement an incident response plan; lead incident response efforts in case of security breaches or incidents.

Internal Business Process

Data Protection: Implement measures to protect sensitive data in business processes (encryption, data loss prevention, secure data handling).
Business Continuity & Disaster Recovery: Develop and maintain plans to ensure critical processes resume quickly after incidents or disasters.
Audit: Ensure action plans and delivery dates are in place to address open internal or external audit items and track these actions to completion.

Functional Responsibilities

Build the security infrastructure architecture to help manage, operate, maintain, and monitor adherence to IT Security architecture and policies.
Oversee the development and management of security controls, defenses, and countermeasures to safeguard corporate and customer data.
Ensure annual regulatory and compliance needs are met; respond to audit requests for IT security.
Recommend improvements to policies, processes, and procedures; manage their implementation.
Supervise daily IT Security team operations, provide guidance, encourage teamwork, and facilitate work processes.

Our Values

Customer First
Lead the Market
Integrity
Agility

Job Specification

Academic

Bachelor’s Degree in Information Technology, Computer Engineering, Computer Science, or equivalent.
Master’s in an IT-related field is a plus.

Professional Qualifications & Experience

Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Familiarity with security frameworks and best practices (PCI, ISO27K, NIST)
Information Technology Infrastructure Library (ITIL)

Desired Work Experience

8–10 years in Systems and Information Security administration
At least 3–5 years in a managerial role

Reporting Relationships

Direct & Indirect Reports: All IT Security Staff
Stakeholders
Internal: All Bank Departments
External: IT Vendors, Service Providers, and CBK
Ideal Job Competencies

Technical Competence

Experience designing, implementing, and maintaining large-scale security solutions
Proven experience with security solutions troubleshooting, monitoring tools, and escalation processes
Experience with enterprise security architecture/software (IPS/IDS, antivirus, vulnerability scanners, DLP, web/email security)
Strong knowledge of Defense-in-Depth mechanisms
Knowledge of encryption and VPN
Knowledge of financial and banking sector, fraud, and operational risk

Behavioral Competence

Dynamic, analytical, and self-driven; able to work under pressure
Strong people, project, and time management skills
Hardworking, strategically minded with excellent organizational and planning skills