The Information Security Specialist, Data Protection and Privacy is responsible for maintaining the integrity and confidentiality of the organization’s data while in use, in motion and in situ, in the Group’s information systems by implementing, maintaining, and monitoring effective data security controls and policies. The holder is also responsible for the deployment, testing and maintenance of data loss prevention systems, information protection security systems, and enforcement of database security controls.
- Recommend, implement, administer, optimize, and support appropriate tools and solutions offering data loss prevention, and information protection in compliance with the Bank’s policies and standards.
- Continuously review, enforce, and report on database and data store security controls that cover the major database management systems such as Oracle, Microsoft SQL Server, MySQL, PostgreSQL.
- Collaborate with the Cybersecurity Intelligence and Security Operations Centre (CiSOC) in the continuous monitoring and defence of the Bank’s data, information and databases from data leakage, intrusions, unauthorized access, unauthorized modification as well as assist to detect, report, and respond to data security violations/incidents.
- Develop Data and Database Security Technical Guidelines and Minimum Configuration Baseline Standards in line with industry best practices and technologies commensurate with risk and regulatory requirements and implementing the same cost effectively.
- Implement and enforce technical security controls to achieve data protection objectives set out by the organization and regulatory requirements such as the Kenya Data Protection Act, and CBK Guideline for Cybersecurity
- Define, create, and deliver compliance reports and relevant metrics in Data Security & Privacy to senior management, including violations, utilizing automation as deemed fit.
- Provide data security and privacy related support to projects from inception through to successful implementation in a bid to ensure that data security and overall information protection measures are built in from project inception.
- Conduct continuous data security reviews and data discovery assessments to determine any data security violations as well as efficacy of implemented countermeasures.
- Provide input into Information Security risk and control self-assessments by leveraging specialized knowledge in data security, databases, privacy, and information protection.
- Research on and provide technical data security and privacy expertise in the Group Information Security department, conduct data security awareness and user training sessions across the group.
For the above position, the successful applicant should have the following:
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering (Electrical/ Electronic) or related field.
- Professional qualifications in any one of the following:
- Information Security Certification in CISA/ CISM/CISSP/ Security +.
- Oracle Database certifications in OCP/ Oracle Database Security/ Microsoft Database certifications e.g. MCDBA.
- Data security and/ or privacy certifications in either Certified Data Privacy Solutions Engineer/ Certified Information Privacy Professional.
- 5 years Technology experience with at least 2 years in Cybersecurity.
- 1 years’ experience in Database Administration/ Data/ Data Security.
- Experience in administering data/ information protection and privacy solutions will be desired.
- Strong interpersonal and communication skills.
The above position is demanding; for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered your application must be received by Friday 12nd August 2022.
Qualified candidates with disability are encouraged to apply.
Only short-listed candidates will be contacted.
NB: In the event that you are invited to interview for any positions, we will require that you provide us with the following documents:
- National I.D.
- KRA Pin Card.
- Birth Certificate of self.
- Passport Photo (White Background).
- NSSF Card.
- NHIF Card.