JobVoro | Jobs in Kenya

ICT Risk Officer – CO-OPERATIVE BANK, Nairobi

CO-OPERATIVE BANK • Nairobi, Kenya

Category ICT / Systems Administration
Job Type Full_time
Experience Minimum of five (5) years' professional experience in ICT Risk, Information Security, Cybersecurity, Technology Assurance, or ICT Audit. Experience working within a highly computerized enterprise environment. Previous...
Industry Banking & Financial Services
Salary KES 220,000 – 350,000 /month
Posted Jul 11, 2026

Job Description

Co-operative Bank of Kenya PLC is inviting applications from experienced and forward-thinking professionals for the position of ICT Risk Officer. This opportunity is ideal for an individual who is passionate about strengthening information security, enhancing technology governance, and protecting critical business systems within a dynamic financial institution. The successful candidate will become part of the ICT Risk and Control function, supporting the Bank's commitment to maintaining secure, reliable, and resilient technology operations while ensuring compliance with regulatory requirements and internationally recognized security standards. Reporting to the Head of ICT Risk and Control, the ICT Risk Officer will provide independent assurance that the Bank's information assets remain adequately protected against evolving cyber threats, operational risks, and technology-related vulnerabilities. The role requires continuous evaluation of information systems, security controls, infrastructure, business applications, databases, cloud environments where applicable, and supporting technologies to ensure confidentiality, integrity, and availability are consistently maintained. The successful professional will work closely with technology teams, internal stakeholders, business units, auditors, compliance specialists, and risk management functions to identify emerging ICT risks, recommend practical mitigation strategies, and monitor implementation of corrective actions. The position also contributes to strengthening the Bank's overall cybersecurity maturity by promoting security awareness, encouraging adherence to internal policies, and supporting regulatory compliance initiatives across technology operations. The ICT Risk Officer will participate in security assessments throughout the technology lifecycle, including new projects, infrastructure upgrades, application deployments, and system enhancements. The role requires analytical thinking, excellent documentation skills, strong communication abilities, and the confidence to provide objective recommendations supported by industry best practices. The ideal candidate enjoys solving complex technology challenges, interpreting technical risks into business language, and building collaborative relationships with multidisciplinary teams. Experience within financial services or another highly regulated environment will provide additional value, although candidates with extensive information security expertise and a proven track record of ICT risk management are encouraged to apply. This position offers an excellent opportunity to contribute to one of Kenya's leading financial institutions while advancing a rewarding career in cybersecurity, governance, technology assurance, and enterprise ICT risk management. Professionals seeking meaningful work with significant organizational impact are encouraged to submit their applications before the stated closing date.

Key Responsibilities

  • Conduct comprehensive ICT risk assessments covering applications, infrastructure, databases, operating systems, cloud platforms, network environments, and digital banking technologies.
  • Review technology controls regularly to confirm they remain effective, efficient, and aligned with organizational risk appetite.
  • Evaluate existing security safeguards and recommend improvements that reduce operational, compliance, and cyber risks.
  • Monitor information security controls supporting confidentiality, integrity, availability, and resilience of critical business systems.
  • Identify technology vulnerabilities through continuous control reviews and recommend practical remediation measures.
  • Maintain comprehensive ICT risk registers and ensure identified risks are appropriately documented, monitored, and reported.
  • Support implementation and ongoing improvement of enterprise information security frameworks.
  • Assess compliance with internal ICT policies, regulatory obligations, governance requirements, and internationally recognized security standards.
  • Collaborate with infrastructure, software development, network engineering, and database administration teams to strengthen technology controls.
  • Participate in security reviews for new technology initiatives, digital transformation projects, and system implementations.
  • Perform vulnerability assessments using recognized methodologies and coordinate timely closure of identified weaknesses.
  • Support penetration testing exercises by reviewing findings, validating remediation plans, and tracking implementation progress.
  • Review privileged access management practices, authentication controls, and identity governance processes.
  • Assess endpoint security controls protecting workstations, servers, mobile devices, and business applications.
  • Review backup, disaster recovery, and business continuity arrangements to ensure technology resilience.
  • Analyze emerging cyber threats, industry trends, and evolving attack techniques that could impact banking operations.
  • Recommend proactive security enhancements that minimize technology exposure before incidents occur.
  • Prepare detailed ICT risk reports for management, clearly communicating technical observations and business impacts.
  • Participate in internal audits, regulatory inspections, and external assessments involving ICT governance.
  • Provide expert guidance on secure system design during infrastructure upgrades and technology acquisitions.
  • Promote information security awareness by facilitating training sessions, presentations, and staff engagement activities.
  • Support implementation of ISO 27001 principles, COBIT practices, and other recognized governance frameworks where applicable.
  • Evaluate third-party technology providers from an ICT risk perspective during procurement and vendor assessments.
  • Review incident reports to identify root causes, recurring control weaknesses, and improvement opportunities.
  • Monitor corrective action plans to ensure timely implementation and sustainable risk reduction.
  • Collaborate with compliance, audit, operational risk, and legal teams on cross-functional risk initiatives.
  • Maintain accurate documentation supporting ICT governance activities and security assurance processes.
  • Contribute to continuous improvement initiatives that strengthen organizational cyber resilience.
  • Perform additional ICT risk management responsibilities assigned by the Head of ICT Risk and Control in support of strategic technology objectives.
  • Qualifications *

Qualifications & Requirements

  • Bachelor's degree in information technology, Information Security, Computer Science, Cybersecurity, Information Systems, or another closely related discipline.
  • Professional certifications such as CISA, CISM, CEH, CISSP, CRISC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, Security+, or equivalent industry
  • recognized credentials will be highly desirable.
  • Strong understanding of ICT governance frameworks, information security principles, enterprise risk management, and regulatory compliance requirements.
  • Excellent analytical, documentation, communication, and stakeholder engagement abilities.
  • Demonstrated integrity, professionalism, confidentiality, and sound ethical judgment.

How to Apply

Interested and suitably qualified candidates are invited to submit a comprehensive application including an updated Curriculum Vitae highlighting relevant qualifications, professional certifications, employment history, and key achievements related to ICT risk management, cybersecurity, or information security. Applicants should clearly indicate the job reference IRO/CEO/2026 in their application. Only candidates who demonstrate that they meet the minimum qualifications and experience requirements will be considered during the selection process. Applications should be submitted before the close of business on 24th July 2026 through the official recruitment channel provided by Co-operative Bank of Kenya PLC. Early applications are encouraged, as the recruitment process may commence before the closing date. Only shortlisted candidates will be contacted for the subsequent stages of the recruitment process.

Similar ICT / Systems Administration You Might Like

Browse More Jobs

More ICT / Systems Administration in Kenya All Jobs in Nairobi

Apply Now →