
CLOSED FOR APPLICATIONS

Senior Manager, Security Governance & Technical Assurance

Closing: May 25, 2024

This position has expired

Published: May 13, 2024 (15 days ago)


Job Summary


Minimum Requirements:

Education:

  • Minimum of 3 years tertiary qualification (degree/national diploma) or equivalent in Information Technology
  • Security certification e.g. CISSP & CISM essential
  • Other qualifications (ITIL, TMF, COBIT) advantage
  • Fluent in English

Experience:

  • Min of 6 years in IT, 2 of which as an Information Security Senior Specialist or Manager in a large enterprise environment essential
  • Experience in Banking or Telco industry advantageous
  • Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database / network
  • Must have a wide breadth of knowledge and experience across security products, tools, and industry trends
  • Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
  • Expert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook
  • Good analytic and problem-solving skills
  • Ability to work under pressure, as well as the ability to take independent initiative when needed.


Responsibilities


Technical Excellence:

  • Provide assurance that Equity Group’s assets are effectively managed and monitored to meet Equity security requirements - first-line management assurance.
  • Analyse known and emerging threats to determine risks against Equity assets.
  • Review and document Information Security Policies, Processes and Procedures and meet governance in terms of legislative and audit requirements and provide consultation to business with regard to this.
  • Identification and management of information security risks within Equity by identifying, defining and maintaining the information security policy and functional standards for the organisation.
  • Create and continuously review security governing principles to guide information, technology, and solution decision making for Equity
  • Develop Group’s Critical Controls and Compliance universe, and drive the implementation of control mechanisms, which enable Information Security function to effectively manage the true status of information security within Equity.
  • Report on mitigating actions required to correct or remedy actions where necessary and inform IT Teams and relevant Business units of any significant changes and risk situations.
  • Consult to projects in terms of identifying risks, vulnerabilities and controls.
  • Perform first-line Security Assessments on internal environments and 3rd party environments, with the purpose of identifying shortcomings which pose a risk to Equity and drive remedial actions.
  • Coordinate reporting and action plans in the event that a security incident does occur
  • Conduct monthly security service/ posture reviews across the environment and present reports to the relevant subsidiaries, business units and governance committees.
  • Represent Information Security in the relevant business areas in Equity as well as various IT/ risk or Security committees and forums within Equity.
  • Provide on-going subject matter expert level consultation to Equity project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.
  • Ensure optimal performance of the security services and identify control efficiencies in how security is operated across all security domains.
  • Track and drive implementation of Technical Security Standards across the technology platforms.
  • Review and track all risk accepted and exception items and assist to build and manage the security compliance universe. Consult to projects (Business and Technology) in terms of identifying risks and specific vulnerabilities and controls for new implementations.

Operational Delivery:

  • Perform first-line management assurance on technical controls to minimise audit impact and risk exposure
  • Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious hacker, understanding and anticipating the moves and tactics that a hacker might use to attack Equity systems.
  • Work closely with the Technology teams to identify and select the right security controls to protect Equity’s network & IT infrastructure, cloud and IoT solutions: define functional and non-functional security requirements and criteria to conduct technology evaluation and selection.
  • Manage and run governance for Group Information Security function and drive the implementation of security governance and ensure adherence to it.
  • Foster a security-conscious culture within Equity IT, Operational and Business teams.
  • Collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.
  • Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related control break-downs in the environment
  • Support Enterprise Risk Management in security related issues and investigations
  • Conduct Research and develop/ maintain policies to ensure they cater for new threats and technologies.
  • Develop, monitor and measure the deployment of security standards
  • Ensure procurement practices adhere to security protocols and security is embedded into the procurement process consistently.
  • Work with internal stakeholders to define action plans to close or mitigate security findings of auditors
  • Proactively test for security related issues and propose remedial plans.
  • Manage security deliverables for programmes related to Privacy legislation across the markets within which Equity operates.
  • Drive implementation and tracking of Critical Controls.
  • Report on any residual risk, and other security exposures against the proposed security standards and policies including misuse of information assets and non-compliance.
  • Measure and report on the effectiveness of Information Security management and control activities to appropriate governance committees. 
  • Report at risk and audit committees and manage the actionable outcomes related to security.

Tactical planning:

  • Manage and develop the capability of the team to deliver the security service needs of Equity Group.
  • Partner with business leaders and peer-level managers to assess the technological cost and impact of recommended changes, help clarify priorities, and coordinate cross-organizational/ subsidiary consortia where common needs have been identified.
  • Assess risks and the effects of specific requirements on other subsidiaries' business processes and system priorities to ensure security services are aligned with business strategic objectives.
  • Identify high risk/priority security areas for improvement
  • Work closely with Finance teams in Group and Subs to ensure budgets and cost recovery procedures are in place and working effectively
  • Build a strong relationship with Subsidiary leadership to ensure delivery

Managerial / Supervisory Responsibilities

Supervisory / Leadership / Managerial Complexity:

  • Recruit, develop and retain people with outstanding skills, qualifications and potential.
  • Performance management and identification of training needs.
  • Accountable for a customer-centric culture and shift to legendary service provision.
  • Employee relations and collaborative teamwork.
  • Coaching and guidance of subordinates.
  • Build professionalism, loyalty and commitment to the organization.
  • Communicate actively and effectively resolving any potential conflicts that may arise.
  • Living the Equity Brand – changing and influencing employees’ behaviour.
  • Clarify roles within the team to enhance collaboration and results
  • Reward practices conducive to building individuals and team confidence
  • Optimal human resource allocation / redeployment in line with strategic objectives
  • Manage conflict proactively and monitor disciplinary and grievance actions and trends
  • Train, motivate & develop resources
  • The role requires management and supervision of the activities of a number of Team members across the Group and subsidiary functions IT & Operations who need to implement and remediate required controls. 

Creativities (improvement/innovation inherent): 

  • Measures to be implemented to improve security across Technology environments
  • Measures to be implemented to improve operational efficiency and effectiveness in the Operating environment
  • Influence management decision making in security related aspects
  • Pro-active
  • Champion of quality and doing things right the first time
  • Sharing of knowledge and security skills

Role Complexity: 

  • Matrix management for security planning
  • Management of security control environment across at least 13 domains in all the Technology functions and in at least 7 markets of Equity Group
  • Management commitment

Budgets/ Financial Input:

  • Assist with management of Security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
  • Manage project initiative budgets in line with business objectives
  • Drive initiatives that will ensure that the “cost of operations” is reduced, in line with a least cost operating strategy stemming from the business drivers
  • Assist with contract negotiations and driving to conclusion

