ICT Risk and Data Protection Analyst at SidianBank

JOB PURPOSE

The role holder will assist in providing continuous independent assurance of the Bank’s Information Communication Technology (ICT) Risk and Data Privacy framework as regards to Governance, IT Risk Assessments, Risk Response & Reporting, Information Security, Privacy Architecture and Data Lifecycles of Bank’s IT assets, projects and processes. The role holder will also assist in ensuring that ICT and Data Privacy risks are managed in compliance to the Bank’s policies, laws, regulatory guidelines and applicable standards.

KEY RESPONSIBILITIES

• Carry out ICT risk assessments of the Bank’s systems and provide recommendations of appropriate and adequate IT security controls to mitigate and minimize ICT Risks.

• Participate and coordinate updating ICT Risks registers.

• Promote Information security awareness within the Bank by providing consultation, guidance and conducting relevant awareness programs to ensure an Information Security complaint culture.

• Proactively anticipate potential threat and vulnerabilities and provide guidance in coordination with the IT department on effective responses or control measures to be implemented to mitigate them.

• • Support the operationalization and update of Business Continuity Program (BCP) and Disaster Recovery (DR) test plans to ensure that the Bank can continue to function and meet its regulatory obligations in the event of an unforeseen circumstances.
  • Working with IT Department, coordinate the development of Business Impact Analysis (BIAs) in line with the Bank’s risk management framework.
  • Support Data Protection Program by providing analysis and documentation of data processing operations, data flow, services, applications, etc. and to contribute to the identification of Data Privacy risks, risk mitigation in order to comply with Kenya Data Protection Act and the Bank’s policies.

• Work with other members of the Data Protection team to action and administer the Data Privacy Impact Risk Assessments (DPIAs), identifying where assessments are required and working with business. stakeholders to drive completion of DPIAs, maintaining full and complete records and timetables for review.

• • Support Red Teaming exercises by simulating advanced persistent threat (APT) scenarios, testing the effectiveness of security controls, identifying exploitable vulnerabilities across systems and applications, and working with stakeholders to strengthen detection and response capabilities.

• Keep up to date with emerging information security trends, and understand, relevant laws and regulations such as data privacy laws.

• Execute any other duties and projects that may be assigned to you by the Line Manager or/and Head of Department.