Job Description
Key Responsibilities
- Conduct comprehensive ICT risk assessments covering applications, infrastructure, databases, operating systems, cloud platforms, network environments, and digital banking technologies.
- Review technology controls regularly to confirm they remain effective, efficient, and aligned with organizational risk appetite.
- Evaluate existing security safeguards and recommend improvements that reduce operational, compliance, and cyber risks.
- Monitor information security controls supporting confidentiality, integrity, availability, and resilience of critical business systems.
- Identify technology vulnerabilities through continuous control reviews and recommend practical remediation measures.
- Maintain comprehensive ICT risk registers and ensure identified risks are appropriately documented, monitored, and reported.
- Support implementation and ongoing improvement of enterprise information security frameworks.
- Assess compliance with internal ICT policies, regulatory obligations, governance requirements, and internationally recognized security standards.
- Collaborate with infrastructure, software development, network engineering, and database administration teams to strengthen technology controls.
- Participate in security reviews for new technology initiatives, digital transformation projects, and system implementations.
- Perform vulnerability assessments using recognized methodologies and coordinate timely closure of identified weaknesses.
- Support penetration testing exercises by reviewing findings, validating remediation plans, and tracking implementation progress.
- Review privileged access management practices, authentication controls, and identity governance processes.
- Assess endpoint security controls protecting workstations, servers, mobile devices, and business applications.
- Review backup, disaster recovery, and business continuity arrangements to ensure technology resilience.
- Analyze emerging cyber threats, industry trends, and evolving attack techniques that could impact banking operations.
- Recommend proactive security enhancements that minimize technology exposure before incidents occur.
- Prepare detailed ICT risk reports for management, clearly communicating technical observations and business impacts.
- Participate in internal audits, regulatory inspections, and external assessments involving ICT governance.
- Provide expert guidance on secure system design during infrastructure upgrades and technology acquisitions.
- Promote information security awareness by facilitating training sessions, presentations, and staff engagement activities.
- Support implementation of ISO 27001 principles, COBIT practices, and other recognized governance frameworks where applicable.
- Evaluate third-party technology providers from an ICT risk perspective during procurement and vendor assessments.
- Review incident reports to identify root causes, recurring control weaknesses, and improvement opportunities.
- Monitor corrective action plans to ensure timely implementation and sustainable risk reduction.
- Collaborate with compliance, audit, operational risk, and legal teams on cross-functional risk initiatives.
- Maintain accurate documentation supporting ICT governance activities and security assurance processes.
- Contribute to continuous improvement initiatives that strengthen organizational cyber resilience.
- Perform additional ICT risk management responsibilities assigned by the Head of ICT Risk and Control in support of strategic technology objectives.
- Qualifications *
Qualifications & Requirements
- Bachelor's degree in information technology, Information Security, Computer Science, Cybersecurity, Information Systems, or another closely related discipline.
- Professional certifications such as CISA, CISM, CEH, CISSP, CRISC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, Security+, or equivalent industry
- recognized credentials will be highly desirable.
- Strong understanding of ICT governance frameworks, information security principles, enterprise risk management, and regulatory compliance requirements.
- Excellent analytical, documentation, communication, and stakeholder engagement abilities.
- Demonstrated integrity, professionalism, confidentiality, and sound ethical judgment.
How to Apply
Interested and suitably qualified candidates are invited to submit a comprehensive application including an updated Curriculum Vitae highlighting relevant qualifications, professional certifications, employment history, and key achievements related to ICT risk management, cybersecurity, or information security. Applicants should clearly indicate the job reference IRO/CEO/2026 in their application. Only candidates who demonstrate that they meet the minimum qualifications and experience requirements will be considered during the selection process. Applications should be submitted before the close of business on 24th July 2026 through the official recruitment channel provided by Co-operative Bank of Kenya PLC. Early applications are encouraged, as the recruitment process may commence before the closing date. Only shortlisted candidates will be contacted for the subsequent stages of the recruitment process.
Similar ICT / Systems Administration You Might Like
Browse More Jobs
More ICT / Systems Administration in Kenya • All Jobs in Nairobi