Assistant Manager – Information Security & Data Privacy

Full Time | Kenya, Nairobi | Posted 3 months ago

Industry: Commercial & Retail Industry

Role: Other

Closing: 30/06/2022

Reports to: Senior Manager, Risk & Compliance


Our client, a microfinance bank, is looking to fill the position of Assistant Manager – Information Security & Data Privacy.


JOB PURPOSE

The Assistant Manager – Information Security & Data Privacy will ensure overall compliance with laws and with regulatory, ethical and integrity standards.


DUTIES AND RESPONSIBILITIES

  • Advising on and monitoring data protection requirements, and escalating matters as appropriate to the Senior Manager, Risk & Compliance;
  • Facilitating compliance with data protection, privacy and banking confidentiality laws across the branches and subsidiaries;
  • Designing and assisting with the implementation of the privacy program, including policies, standards and procedures, tools, monitoring, metrics and reporting;
  • Recommending practical solutions across the Bank and its subsidiaries and sharing leading practices with all business stakeholders;
  • Acting as the point of contact with the local privacy regulators and co-operating with the regulators and any other relevant authority on matters relating to privacy and regulatory reporting;
  • Advising and training Senior Management and staff on the data processing requirements provided under the law, and facilitating capacity building and training for staff involved in data processing operations;
  • Promoting privacy by design by working with local Product, Function and Technology teams, and reviewing and advising on data protection impact assessments where necessary; developing an understanding of data processing activities, data flows and the associated privacy risks;
  • Ensuring Data Privacy Impact Assessments are undertaken in line with data privacy laws;
  • Monitoring and advising on individual rights requests and enquiries made by data subjects on matters relating to privacy, including complaints or grievances;
  • Conducting regular assessments and ensuring audits are carried out to confirm compliance with the Data Protection Act;
  • Advising on privacy-related considerations and requirements during the investigation of security incidents, and advising on notifications to privacy regulators;
  • Advising on and following up the implementation of new data protection, privacy and banking confidentiality laws;
  • Assessing risk when business decisions are made, with particular consideration for the firm's reputation and safeguarding the Bank;
  • Assisting in the preparation of Executive Management reports and Board papers.

Additional duties as assigned:

  • Ensure the implementation and enforcement of the Organisation's cyber security framework by maintaining an up-to-date knowledge base of the Organisation's information assets.
  • Ensure that information systems meet the needs of the Organisation by enhancing information security practices, including information security risk management and mitigation activities, security-in-design for information system development projects, and compliance with the overall business strategies, ERM framework, risk appetite and Organisation policies.
  • Review and advise on the cyber security controls with consideration for users at all levels of the Organisation, including internal users (i.e., management, permanent and contract staff and direct sales representatives) and third-party/external users (i.e., contractors/consultants, business partners and service providers).
  • Assess the confidentiality, integrity and availability of the information systems in the Organisation, taking into consideration the following:
      • Detailed documentation of exceptions to the approved cyber security policies and procedures.
      • Cyber risk identification.
      • Assessment of the effectiveness of the approved cyber security program.
      • All material cyber security events that affected the Organisation during the period.
  • Maintain a comprehensive cyber risk register. Risk identification should be forward-looking and include security incident handling.
  • Review and advise on security audits, vulnerability assessments and threat assessments.
  • Create and maintain a register of comprehensive records of all data processing activities conducted by the Organisation, including the purposes of all processing activities, which must be made public on request.
  • Ensure fulfilment of legal and contractual information security and privacy mandates.
  • Review the Organisation's network reports and systems on the Organisation's SIEM and other security tools, investigate all possible related incidents and recommend corrective measures.
  • Support the unit in the review of all relevant logs to identify and address activity that is not consistent with the established information security guidelines and standards.
  • Review and test the resilience and preparedness levels attributed to the Organisation's Business Continuity Plan.

QUALIFICATIONS, EXPERIENCE AND COMPETENCIES

Minimum Qualifications & Experience

  • Undergraduate degree in ICT or any other related course.
  • 5 years' experience within a Risk or Compliance department or any control function in a financial institution.
  • Experience in the interpretation and implementation of the Data Protection Act will be a distinct advantage.
  • Experience in information security practices is desirable.


Competencies

  • Expertise in compliance laws, rules, regulations, risks and typologies;
  • Excellent written, verbal and analytical skills;
  • Must be a self-starter, flexible, innovative and adaptive;
  • Highly motivated, strong attention to detail, team-oriented and organised;
  • Strong presentation skills, with the ability to articulate complex problems and solutions through concise and clear messaging;
  • Awareness of regulatory requirements, including local and international laws and regulations (FATCA and the General Data Protection Regulation) and industry standards.