Senior Information Security Officer – Guaranty Trust Bank – Nairobi

The Role
The successful candidate will be responsible for all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the Bank’s information security policies.

Key Responsibilities
Oversee and implement the Bank’s information security program and enforce the information security policy.
Design information security controls with the consideration of users at all levels of the Bank, including internal (i.e. management and staff) and external users (i.e. contractors/consultants, business partners and service providers).
Organize professional information security-related training to improve the technical proficiency of staff.
Ensure that regular and comprehensive information risk assessments are conducted.
Ensure that adequate processes and tools are in place for monitoring IT systems to detect information security incidents and events in a timely manner.
Ensure timely update of the incident response mechanism and Business Continuity Plan (BCP) based on the latest cyber threat intelligence gathered.
Incorporate scenario analysis to consider a material cyber-attack and mitigating actions, and to identify potential control gaps.
Perform Vulnerability Assessment and Penetration Testing.
Ensure frequent data backups of critical IT systems (e.g. real time back up of changes made to critical data) are carried out to a separate storage location.
Ensure the roles and responsibilities of managing cyber risks, including in emergency or crisis decision-making, are clearly defined, documented and communicated to relevant staff.

Key Requirements
University degree in Information Technology or related field.
4 to 5 years' relevant experience, preferably in the area of information security.
CISA/CISM/CISSP or equivalent certification will be an added advantage.
Knowledge of common information security management frameworks, such as ISO 27001 and NIST 800-53.
Proven track record of success in information security implementation and information security audit, preferably in a financial services institution.
Excellent written and verbal communication skills and high level of personal integrity.

Method of Application
If you believe you have the qualifications, skills and experience that meet the above criteria, please email your application with your current and updated CV to by close of business on Friday 25th November 2022. Only shortlisted candidates will be contacted.