Job Description

• Will be responsible for the day-to-day management and implementation of Information security. This role requires that the role holders interact with security systems on a real-time basis and must develop ability to detect security breaches within 15 minutes.

KEY MEASURABLE GOALS

• Achieve security and compliance to Old Mutual Group Security Blueprint and Regulatory requirements.
• Resolve reported cyber incidents or escalate to investigative authorities.
• Identify and manage information risks.
• Maintain required security posture on all IT systems.
• Compliance to Risk and Audit.

KEY RESPONSIBILITIES

• Implement security projects by use of products such as Network Firewalls, Antivirus Systems, Database Security Systems, and Software Patching systems.
• Implement 2 factor authentication following a risk-based approach for all critical system logins such as super user logins and remote VPN connections.
• Train and promote information security awareness campaigns amongst all the staff.
• Play an active role in the information security stage of every business project.
• Develop risks based plans and polices to safeguard information assets against accidental or unauthorized modification, destruction, access or disclosure.
• Monitor current vulnerability reports from threat management systems (antivirus reports, firewalls, alerts systems etc.) and execute measures to remove these vulnerabilities.
• Ensure that relevant encryption and data loss prevention standards are implemented to the group security blueprint standard requirements.
• Ensure that all Faulu Systems, Perimeter Network Systems, Desktops, Point of Sale Devices, and other Mobile devices are all up to date with the latest security patches and measures.
• Working closely with System and Business Managers, he/she should identify and close data and information security as well as the continuity gaps necessary for effective data, information continuity and security.
• Review vendor security systems with an aim to improve security on directly connected links.
• Protect system by defining user access privileges and control structures.
• Establish security for VPNs, home connections and Internet Connections
• Where required develop an information security policy.
• Establish information security incident visibility to the relevant investigative authorities.
• Safeguard established and agreed logical and physical security measures for all the information assets.
• Perform periodic User Access Rights reviews and recertifications on all critical systems.
• Implementation of Information Security tools and methods necessary to support the bank’s Information Security Strategy.
• Determine and report all security violations and inefficiencies by conducting periodic system information security reviews.

IT RISK AND SECURITY

• Carry Contribute to IT security risk and controls self-assessments.
• Continuous monitoring of IT Security baselines, policies, and frameworks to maintain stable security posture.
• Constant monitoring and remediation of security vulnerabilities (Vulnerability per device, VPD’s) and ensure severity levels are at acceptable thresholds.
• Perform IT Security compliance checks for network devices, endpoints, and databases in Faulu.

BANKWIDE AML KYC & CFT RESPONSIBILITIES

• The incumbent will be responsible for ensuring adherence to, implementation of, and adoption of Compliance, Anti-Money Laundering (AML), and Sanctions-related policies, procedures, and process requirements within Old Mutual and its subsidiaries. This includes execution of customer due diligence processes, ensuring compliance with Know-Your-Customer (KYC) standards, conducting ongoing and enhanced due diligence, and maintaining data quality.
• Additionally, the role involves identifying and monitoring potential AML, Sanctions, or Compliance breaches and unusual activities, and escalating these concerns to the Risk and Compliance Office for further action.

Education

• Bachelor’s degree in computer science or Equivalent qualification.
• Must possess at least one Security Certification such as CEH, Comp TIA Security + Certification(s), CIH (Certified Incident Handler), CTIA (Certified Threat Intelligence Analyst (CTIA), OSCP (Offensive Security Certified Professional), GCTI (GIAC Cyber Threat Intelligence), GCIH (GIAC Certified Incident Handler), CSX-F (Cyber Security Fundamentals), SSCP (Systems Security Certified Practitioner) and CASP (CompTIA Advanced Security Practitioner)
• CISSP, CRISC, CISM, CISA, CEH or other InfoSec Governance Training in information security would be an added advantage.

Knowledge and Skills

• User and Technical level knowledge of core operating systems e.g. Unix, Linux and Windows of at least one year (1) working experience.
• Experience in Endpoint Security Management
• Administer, optimize, and support the Bank’s security awareness and phishing simulation solutions, in compliance with the Bank’s policies and standards.
• Good knowledge of Banking Operations and procedures.
• Good information Data Protection Act and Data Security.
• Experience in Network Security including firewall, NAC, Network Segmentation, VPN and gateway security
• Experience in Identity and Access Management
• Experience in using security monitoring tools and incidence response using SIEM tool kit
• Experience in penetration testing and vulnerability management
• Experience in application security from web applications to mobile apps and USSD
• Experience in Database Security and use of Database Access Management, DAM
• Experience in Cloud Security management
• Experience in Security Operations and cybersecurity threat indicators then assist to detect, report, and respond to related incidents

Experience

• A minimum of 2 years’ experience in Information Security
• Strong technical skills in a wide range of systems and security tools such as, SIEM, DAM, PAM, WAF, Access Lists, Firewalls Rules, Wireless Encryption Standards, Windows/Linux IP Protocols, Endpoint Security, mobile devices security, access control systems, data loss prevention systems and encryption standards
• Good understanding of Applications and Database Security controls in banking businesses, with deep knowledge in emerging security threats
• Hands on and proven experience in security software and hardware security remediation projects

Personal Attributes

• Team Player
• Tech Savvy and Business awareness
• Ownership
• A person of high integrity, dependable and with technical knowledge
• Flexible to work during odd hours
• Self-starter with ability to go an extra mile and deliver within agreed timelines
• Strong verbal and written communication skills
• Building relationships
• Aligning Performance for success
• Ability to work with minimal supervision

go to method of application »