
Manager Technology Risk at Equity Bank Kenya
- Kenya
- Permanent
- Full-time
- Develop, implement, and maintain the bank's Technology Risk Management Framework in alignment with regulatory requirements and industry standards (e.g., NIST, ISO 27001, COBIT, Basel).
- Ensure technology risk policies, procedures, and controls are effectively embedded across all business units.
- Conduct technology risk assessments, including IT control testing, risk control self-assessments (RCSA), and scenario analysis.
- Identify emerging risks related to cybersecurity threats, third-party IT risks, cloud computing, AI, and digital banking platforms.
- Implement risk mitigation measures to strengthen IT security and resilience.
- Work closely with the Information Security and IT teams to assess cyber threats, vulnerabilities, and incident response strategies.
- Ensure compliance with data protection laws (e.g., GDPR, Kenya Data Protection Act) and regulatory requirements.
- Monitor cybersecurity incidents and oversee remediation efforts.
- Assess technology risks associated with third-party vendors, cloud service providers, and IT outsourcing arrangements.
- Conduct due diligence and continuous monitoring of critical IT service providers.
- Ensure adherence to local and international regulatory requirements, including CBK ICT Risk Guidelines, Basel III, and ISO standards.
- Act as the liaison between IT, internal audit, and external regulatory bodies during technology risk audits.
- Address and close audit findings related to IT risk.
- Support IT Disaster Recovery (DR) and Business Continuity Planning (BCP) initiatives.
- Coordinate technology risk incident response efforts and ensure timely reporting of critical IT disruptions.
- Develop and present technology risk reports, dashboards, and key risk indicators (KRIs) to senior management, the Risk Committee, and Board-level governance forums.
- Track and monitor IT risk remediation plans, ensuring timely resolution of identified risks.
- Conduct technology risk awareness training for business units to promote a risk-aware culture.
- Support risk management capacity-building initiatives for IT and business teams.
- Education: Bachelor's degree in Computer Science, Information Technology, Risk Management, Cybersecurity, or a related field. A master's degree is an added advantage.
- Certifications: Professional certifications such as CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), CISSP (Certified Information Systems Security Professional), or ITIL (Information Technology Infrastructure Library) are highly preferred.
- Experience: Minimum of 5-7 years of experience in technology risk management, IT security, cybersecurity, or audit in the banking or financial services industry.
- Regulatory Knowledge: Strong understanding of CBK ICT Risk Guidelines, Basel Accords, NIST Cybersecurity Framework, GDPR, Kenya Data Protection Act, and ISO 27001.
- Technology Risk Management - Expertise in IT risk identification, mitigation, and monitoring.
- Cybersecurity & Information Security - Strong understanding of cyber threats, vulnerability management, and data protection regulations.
- IT Governance & Compliance - Knowledge of COBIT, ITIL, and regulatory requirements for technology risk management.
- Incident & Crisis Management - Ability to handle IT incidents, cyber breaches, and business continuity disruptions.
- Audit & Assurance - Experience in conducting IT risk assessments, internal audits, and regulatory compliance reviews.