Equity Bank Kenya Head of Cyber Risk & Red Team - Jobs in Kenya

Equity Bank Kenya Head of Cyber Risk & Red Team - Jobs in Kenya

The CISRO Function

The Group Chief Information Security Risk Officer (CISRO) function is instrumental in protecting and ensuring the resilience of Equity Group’s data and IT systems by managing information, cybersecurity, and IT risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the Risk Framework and for instilling a culture of cyber security within the Bank.
The Group CISRO is responsible for ICS governance, strategy, policy, risk assessments, industry partnerships, and regulatory engagement. The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

The Role

This Head of Cyber Risks & Red Team role is highly technical and challenging with opportunities to lead a team that will have a meaningful impact. The is expected to possess a deep understanding of both information security and information technology and should understand concepts including computer networking, web and native application functionality, operating system functionality, cloud services, corporate network environments and operations. He should be able to learn advanced concepts such as endpoint protection evasion, covert operations, and tailored exploit development.

The role leverages previous threat intelligence, and Red Team experience. This may involve delivering Threat Intel-led Red Team exercises, preparing a red team lab infrastructure, developing social engineering test campaigns and the associated collateral, executing phishing campaigns and attempting to compromise internet-facing systems, conducting privilege escalation and lateral movement within the group’s networks, hunting for objectives with little-to-no information provided at hand and attempting to exfiltrate data from the network; all while avoiding detection from the bank’s security operations teams.

The role will require you to perform exploits at scale while remaining stealthy, identify and exploit misconfigurations in the corporate infrastructure, quickly and effectively parse data, present relevant data in a digestible manner, think well outside the box.

Responsibilities

Responsible for the establishment of the group’s internal second line of defense red teaming capability to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediation.

Perform red team assessments with purple team support, assumed breach assessments, ransomware readiness reviews (assessing susceptibility to modern ransomware threats), threat analysis and social-engineering assessments.

Define relevant key performance indicators and metrics for measuring the maturity of the Group’s security posture from red-teaming and cyber security assurance activities

Provide both subject matter expertise and project management experience to serve as the “point person” for engagements and where required, supervise the scoping of prospective engagements by external vendors, participating in engagements from kickoff to completion.

Interface with the relevant internal and external teams to clarify and provide support to address concerns, issues, or escalations; track and drive to closure any issues that impact the service and its value to the bank’s customers

Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Oversee and manage implementation improvements to the group’s business processes, methodologies, tools, and client communication methods

Provide expert experience building information, cybersecurity and it risk programs to include hands-on implementation and/or assessment of relevant controls

Provide necessary support in investigations, cyber forensic investigation and root cause analysis when required.

Use formal project management skills in planning, tracking, and reporting on project progress

Processes

Provide assurance that the first line implements controls to comply with applicable laws and regulations and escalate significant policy and regulatory non-compliance matters and developments to the Group CISRO;

Support the Testing and Assurance team, based thematic reviews, stress tests, regulatory submissions, and Internal and external audit reviews;

Establish and maintain strong relationships with identified stakeholders and understand their strategic goals to ensure ICS alignment

Assist

with the articulation of the value of ICS controls and their bottom-line impact;

Represent EGHL in internal and external meetings where required;

Risk Management

Lead all red team assessments and management of ICS risks and reporting outcomes within EGHL and the individual subsidiaries;

Highlight gaps or control weaknesses against security controls and standards, raising concerns to the CISRO and relevant forums;

Provide recommendations and feedback based on ICS testing and assurance experience within EGHL and the subsidiaries;

Provide input into Group wide ICS assessments, reporting, and strategies

People and Talent

Lead through example and help to create the appropriate culture and values.

Work in collaboration with risk and control partners.

Work collaboratively with the CISRO Team
Effective staff management to achieve operational objectives

Agility to manage and balance own time among multiple tasks, and lead junior staff when required

Uphold and reinforce the independence of the second line ICS Risk function.

Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across EGHL. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.

Key Stakeholders

Group Chief Risk Officer and other senior Risk management teams,

Group CISRO, Head of IT and Cyber Security, Group Directors, Group CISO and other senior management

IT Operations risk management and cloud governance heads and teams

Group Internal Audit and other Business stakeholders

Qualifications

Ideal Candidate

Bachelor’s degree in Computer Science, Information and Cyber Security, Technology or equivalent

Minimum of 7 years of relevant in information security or risk management, preferably in Banking and Financial sector, with 5 years hands-on experience in penetration testing red teaming and information assurance assessments

Minimum of at least a CISSP, CISA, CISM or CRISC (at least one) certification

Consistently able to demonstrate or articulate value proposition

Prior positive interaction with C-level executives or senior executive personnel

Candidates will also have one or more of the following;
-Licensed Penetration Tester (LPT)
-Offensive Security Certified Expert (OSCE)
-Offensive Security Evasion Techniques and Breaching Defences (OSEP)
-Offensive Security Advanced Windows Exploitation (OSEE)
-SANS Penetration Testing and Ethical Hacking / Purple Team certifications

Red team operations and purple team delivery, including adversary emulation

Operation of common command and control solutions

Network penetration testing and manipulation of network infrastructure

Shell scripting or automation of simple tasks using common scripting languages

Developing, extending, or modifying exploits, shellcode, or exploit tools

Technical report writing and documentation of red team testing activities

Presentation of technical details to both a technical and executive audiences

Windows, Linux, Unix and/or Mac operating systems including bash and PowerShell

Experience in at least four of the following;
-Email, phone, or physical social-engineering assessments
-Reverse engineering malware, data obfuscators, or ciphers
-Thorough understanding of network protocols, data on the wire, and covert channels
-Threat intelligence analysis
-System administration of corporate environments and networking
-Systems exploitation
-Offensive security project management
-Source code review for control flow and security flaws
-Strong knowledge of tools used for wireless, web application, and network security testing
-Mobile and/or web application assessments
-Technical incident response processes and engagements

Ability to both assess priorities and to focus on work in a structured fashion which delivers results

Sound judgement and anticipation

Strong integrity, independence, and resilience.

For more information and job application details, see; Equity Bank Kenya Head of Cyber Risk & Red Team - Jobs in Kenya



Find daily jobs in Kenya. Jobs - Kenya jobs. Search our career portal & find the latest Kenyan job positions, career opportunities & jobs in Kenya.

Jobs in Kenya - banking jobs, IT jobs, accounting jobs, NGO jobs, business administration, ICT, UN jobs, procurement jobs, education jobs, hospital jobs, human resources jobs, engineering, teaching jobs, and other careers in Kenya.

Find your dream job from 1000s of vacancies in Kenya posted and updated daily - click here!