Job Description

Head of Information Security

Job Purpose

The Head of Information Security will play a critical role in the organization's information security strategy, overseeing the implementation and maintenance of a Zero Trust Architecture within our bank. This strategic position requires a visionary leader who can collaborate effectively with cross-functional teams and drive the transformation to enhance the security posture of our bank's systems, applications, and data.

Key Responsibilities

Develop and Execute Zero Trust Architecture Strategy - 20%

  • Lead the development and implementation of the Zero Trust Architecture strategy, ensuring alignment with the bank's overall security objectives.
  • Define the roadmap for transitioning to a Zero Trust Architecture, including goals, milestones, and resource requirements.
  • Evaluate emerging technologies and industry best practices to enhance the bank's security posture.

Security Governance and Risk Management - 20%

  • Establish and maintain a robust security governance framework that aligns with regulatory requirements, industry standards, and best practices.
  • Identify and assess security risks, vulnerabilities, and threats, and develop appropriate risk mitigation strategies.
  • Collaborate with internal stakeholders to establish security policies, standards, and procedures that support the Zero Trust Architecture.

Security Operations and Incident Response - 20%

  • Oversee the design, implementation, and operation of security controls and technologies to protect the bank's infrastructure, applications, and data.
  • Develop and maintain an incident response plan, ensuring the organization's readiness to detect, respond to, and recover from security incidents.
  • Conduct regular security assessments, penetration testing, and vulnerability scanning to identify potential weaknesses and recommend remediation measures.

Security Awareness and Training - 20%

  • Develop and implement a comprehensive security awareness program to educate bank employees on the principles of Zero Trust and their roles in maintaining a secure environment.
  • Conduct regular security training sessions and workshops to enhance the security awareness and knowledge of employees across the organization.

Stakeholder Management and Collaboration - 20%

  • Collaborate with senior management, business units, and technology teams to understand their requirements, align security objectives, and ensure the successful implementation of the Zero Trust Architecture.
  • Engage with external partners, vendors, and industry peers to stay abreast of the latest security trends, technologies, and threats.

Key Relationships

Direct Reports to this Position:

  • Manager, Information Security
  • Senior Officer, Information Security

Customers of this Position:

  • All Bank Staff
  • SBM Group Management teams
  • Internal and External Auditors
  • Security and Fraud Managers, Investigators from the Police Service, Directorate of Criminal Investigation and BFID.
  • Regulators such as Central Bank of Kenya, Capital Markets Authority, Insurance Regulatory Authority and any other regulatory bodies in Kenya.

Knowledge, Skills and Experience Required for this Role

Education and Experience:

  • Bachelor’s degree in Computer Science, Information Security, or a related field. Possession of an MBA or M.Sc. will be an added advantage.
  • Must possess at least one internationally recognized IT security certification such as CISM, CISSP, CISA, CASP, MCSE, CEH or Security+.
  • Extensive experience (minimum of 8 years) in information security, including hands-on experience in designing and implementing security solutions in a complex environment.
  • Proven experience in leading and managing security operations, incident response, and risk management teams.
  • Experience in the financial industry or a similarly regulated environment is highly desirable.

Technical Skills:

  • In-depth knowledge of information security principles, frameworks, and standards (e.g., NIST, ISO 27001).
  • Strong understanding of Zero Trust Architecture principles, concepts, and implementation strategies.
  • Familiarity with cloud security, network security, identity and access management, encryption technologies, and secure coding practices.
  • Experience with security tools such as SIEM, DLP, IDS/IPS, and vulnerability management systems.

Competencies Required for this Role

  • Excellent leadership and people management skills with the ability to build and motivate high-performing teams.
  • Strong analytical and problem-solving skills with the ability to make sound decisions in complex and high-pressure situations.
  • Excellent verbal and written communication skills with technical and non-technical staff, end-users, and senior management.
  • Strong teamwork skills to maintain strong working relationships within and outside the Risk & Compliance division, and to develop a results-oriented work environment.
  • Excellent follow-up skills to see tasks through to resolution and to communicate problem status to end users, such as notification of completion, notification of delay, and explaining the rationale for IT-related projects.
  • Excellent organizational skills, prioritizing and managing multiple tasks.
  • Ability to offer and accept feedback and constructive suggestions.

 

Fill in the details below and upload your CV in PDF format to apply for this position.
