Cybersecurity Specialist, Data Security & Privacy

The Position:

The Information Security Specialist, Data Protection and Privacy is responsible for maintaining the integrity and confidentiality of the organization’s data while in use, in motion and in situ, in the Group’s information systems by implementing, maintaining, and monitoring effective data security controls and policies. The holder is also responsible for the deployment, testing and maintenance of data loss prevention systems, information protection security systems, and enforcement of database security controls.

Key Responsibilities:

Recommend, implement, administer, optimize, and support appropriate tools and solutions offering data loss prevention, and information protection in compliance with the Bank’s policies and standards.
Continuously review, enforce, and report on database and data store security controls that cover the major database management systems such as Oracle, Microsoft SQL Server, MySQL, PostgreSQL.
Collaborate with the Cybersecurity Intelligence and Security Operations Centre (CiSOC) in the continuous monitoring and defence of the Bank’s data, information and databases from data leakage, intrusions, unauthorized access, unauthorized modification as well as assist to detect, report, and respond to data security violations/incidents.
Develop Data and Database Security Technical Guidelines and Minimum Configuration Baseline Standards in line with industry best practices and technologies commensurate with risk and regulatory requirements and implementing the same cost effectively.
Implement and enforce technical security controls to achieve data protection objectives set out by the organization and regulatory requirements such as the Kenya Data Protection Act, and CBK Guideline for Cybersecurity
Define, create, and deliver compliance reports and relevant metrics in Data Security & Privacy to senior management, including violations, utilizing automation as deemed fit.
Provide data security and privacy related support to projects from inception through to successful implementation in a bid to ensure that data security and overall information protection measures are built in from project inception.
Conduct continuous data security reviews and data discovery assessments to determine any data security violations as well as efficacy of implemented countermeasures.
Provide input into Information Security risk and control self-assessments by leveraging specialized knowledge in data security, databases, privacy, and information protection.
Research on and provide technical data security and privacy expertise in the Group Information Security department, conduct data security awareness and user training sessions across the group.


The Person:

For the above position, the successful applicant should have the following:

Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering (Electrical/ Electronic) or related field.
Professional qualifications in any one of the following:
Information Security Certification in CISA/ CISM/CISSP/ Security +.
Oracle Database certifications in OCP/ Oracle Database Security/ Microsoft Database certifications e.g. MCDBA.
Data security and/ or privacy certifications in either Certified Data Privacy Solutions Engineer/ Certified Information Privacy Professional.
5 years Technology experience with at least 2 years in Cybersecurity.
1 years’ experience in Database Administration/ Data/ Data Security.
Experience in administering data/ information protection and privacy solutions will be desired.
Strong interpersonal and communication skills.


Click “APPLY FOR JOB” button above to apply for this job.

About KCB Bank Kenya

Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya - incorporated with effect from January 1, 2016 - and all KCB's regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation and all associate companies. The holding company was set up to among other things to enhance the Group's capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group's operating entities and enhance corporate governance across the Group and oversight in management of subsidiaries.