National Bank of Kenya (NBK) is a financial institution offering retail, commercial, and corporate banking products, now fully owned by Access Bank Plc after its acquisition from KCB Group in May 2025. Initially founded in 1968 as a government-owned entity to provide access to credit for Kenyans, it now functions as a subsidiary of Access Bank, which aims to expand its presence in East Africa.
Job Reference No. NBK/Risk/01/2025
Job Overview
The role holder will be responsible for supporting the risk identification and management process across all aspects of Information Technology for the Bank, updating the executive management on the results of the risk assessment and making recommendations for mitigations to protect the Bank systems or cover potential financial losses.
Job Description
- Develop and implement an ICT Risk Management Framework;
- Conduct system vulnerability tests in line with Bank policies and global standards and report to management on vulnerability and protection against cyber-attacks;
- Identify and assess ICT risks, design mitigation controls and monitor the risks till closure;
- Clearly document and define risks and their potential impact alongside the statistical probability of such an event, and identify systems affected by the defined risk;
- Develop ICT risk management guidelines to be used by all Divisions of the Bank;
- Conduct system penetration testing during various stages of the system development lifecycle to ensure integrity, availability and assurance of the systems and technical processes;
- Perform a review on compliance with ICT security policies across the technology ecosystem;
- Evaluate IT security policy, processes and procedures for completeness and applicability;
- Evaluate IT service management policies, processes and procedures for completeness and applicability;
- Work closely with Business functions to identify risks in products that use digital platforms;
- Conduct fraud assessments on technology platforms in line with the Fraud Risk Management Policy;
- Keep abreast of current advances in all areas of ICT security;
- Continuously evaluate communication security, data vulnerability and business continuity, and examine employee compliance with security controls and deficiencies.
Skills & Experience:
- A Bachelor’s Degree in Computer Science, IT or related field from a recognised University.
- A Master’s degree would be an added advantage
- Certified in Risk and Information Systems Control (CRISC) or equivalent preferred.
- 3-5 years of related experience with an emphasis on ICT Risk
- CISA professional certification.
- Membership of IIA/ISACA is preferred.
- Ability to conduct data mining, data analysis and reporting.
- An intermediate understanding of networking concepts.
- Intermediate understanding of security appliances including but not limited to Intrusion Detection System (IDS), Intrusion Prevention System (IPS), Firewall, and Security Information and Event Management (SIEM) systems
- Analytical and objective, with the ability to describe complex technical concepts and ideas in non-technical terms
- Understanding of ICT risk management, processes and associated control requirements.
- Innovation; able to keep up with trends of meeting the demands of internal and external customers and controls thereof.
- Collaboration; forms business partnerships that help drive the Bank’s Assurance agenda.
- Good knowledge of Banking laws and regulations
- Analytical thinking capability.
- Report writing and communication skills.
- Stakeholder Management
Method of Application
Meet the qualifications? Email your CV to [email protected], quoting the job reference number and using the position as the subject of the email.