The Data Security Analyst is responsible for protecting the organization’s data assets by designing, implementing, and monitoring data security controls, policies, and procedures. The role ensures the confidentiality, integrity, and availability of data and information assets, supports ongoing risk management, and continuous improvement ensuring compliance with regulatory and organizational requirements. The role works closely with the various teams in the Enterprise Risk, Data protection & Privacy office, Enterprise Security Architecture, Technology teams and business units to ensure secure data handling practices throughout its entire lifecycle.
Key Responsibilities; -
- Design, implement, and maintain data security controls such as data classification, labelling, encryption, and data loss prevention (DLP), across systems, applications, and cloud platforms.
- Develop and maintain data security policies, standards, procedures and Minimum-Security Configuration Baseline Standards in line with industry best practices and regulatory requirements.
- Ensure compliance with applicable regulations and frameworks (e.g., Kenya Data Protection Act, ISO 27001, GDPR, and/or other relevant standards).
- Collaborate with the Cybersecurity Intelligence and Security Operations Centre (CISOC) in the continuous monitoring and defense of the Bank’s infrastructure against cybersecurity threat.
- Support secure adoption of new technologies, applications, and platforms to ensure cybersecurity requirements are met before introduction to production environments.
- Lead the end-to-end vulnerability management lifecycle for databases and datastores by executing assessments across cloud and on-premises infrastructure, performing risk-based prioritization, and collaborating with cross-functional teams to remediate and continuously report on compliance.
- Support cybersecurity risk assessments and remediation by leveraging technical knowledge to remediate gaps identified by assurance teams such as Information Risk and Audit teams.
- Support internal and external audits related to data security and privacy.
- Continuous research and provide technical expertise across the different business and technical functions, conduct data security awareness and user training sessions across the group.
The Person
For the above position, the successful applicant should have the following:
- Bachelor’s degree in IT/ Computer Science or related field
- Professional qualification: Security certification such as SC-401, CISA, CISM, CISSP, SSCP, CompTIA Security+, ISO27001, OSCP
- At least 2 years’ work experience.
- At least 2 years’ in Cyber Security.
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered your application must be received by Friday,30th January 2026.
Qualified candidates with a disability are encouraged to apply.
Only short-listed candidates will be contacted.
