Job Description

Key Responsibilities

Define, document, and implement software security policy, secure coding practices and guidelines for the bank in line with industry best practices and technologies commensurate with risk and regulatory requirements.

Develop, implement and maintain a software security assurance framework which that shall guide information security team in security and risk assessments of applications, as well as provide security requirements for developers and third parties to adhere to.

Lead Information Security involvement in all software and application implementation projects and scrum teams to ensure all applications and changes meet set information security requirements before introduction to production environments.

Collaborate with Enterprise Architecture and Business Application Development teams to identify application/software security improvements and plug-in identified security controls in DevOps tools.

Perform and coordinate regular trainings on secure coding, software security and application security practices for the development and other KCB technology teams at regular intervals.

Collaborate in the continuous monitoring and defence of the Bank’s critical applications, such as core banking, and digital channels, for cybersecurity threat indicators; report on violations and security measures taken to address threats.

Identify, integrate, and maintain security tools, such as SAST and DAST tools (Static/Dynamic Application Security Testing), standards, and processes into the software development or product life cycle (SDLC / PLC), and CI/CD pipelines.

Participate in performing risk assessments for business solutions for inherent security risks and provide recommendations for addressing such risks.

Define, create, and deliver software/application security compliance reports and relevant metrics to the Bank’s Senior Management.

Protects the bank’s applications and systems by defining access privileges and other security control structures.

 

The Person

For the above position, the successful applicant should have the following:

A Bachelor's degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.

Must possess at least one certification from the following list:

CDP: Certified DevSecOps Professional.

CSSLP: Certified Secure Software Lifecycle Professional.

CISM: Certified Information Security Manager.

CISA: Certified Information Systems Auditor.

CISSP: Certified Information Systems Security Professional.

A minimum of 5 years’ experience in Information Technology; with at least 2 years’ experience in Information Security.

At least 1 year experience within Secure SDLC and DevSecOps.

Good knowledge of Banking Operations.

Excellent planning and organizing skills.

Excellent problem analysis and attention to detail.

 

The above position is demanding; for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.

 

How To Apply

Interested and qualified candidates should make their applications through KCB Bank Job portal via the link https://ke.kcbgroup.com/about-us/careers

Apply for this Job Now

Related Jobs

Integration Developer

Job Description/Requirements Role Purpose: Responsible for analysis and development of integrations and ETL/ELT processes, dashboard visualization and reports to support business requirements.

software engineering Nairobi, Kenya Jul/08/2021

Solution Architect

The successful jobholder will be expected to: Use appropriate tools, including logical models of components and interfaces, to contribute to the development of systems architectures in specific business or functional areas.

software engineering Nairobi, Kenya Jul/08/2021

Associate Technical Consultant

The position is responsible for providing crucial support to the consultants on client projects by frequently being assigned to develop business and functional/technical models for use on projects as well as identification/development of solutions for customers.

software engineering Nairobi, Kenya Jun/28/2021

Senior Software Quality Engineer

The Senior Software Quality Engineer is responsible for architecting new automated test strategies and frameworks, in addition to creating, implementing and automating testing in support of software test requirements. The Senior Software Quality Engineer works with QA Analysts to develop, maintain, and enhance the test automation framework and automation infrastructure.

software engineering Nairobi, Kenya Jun/28/2021