Equity Bank Kenya Head of Cyber Risk & Red Team - Jobs in Kenya
Equity Bank Kenya Head of Cyber Risk & Red Team - Jobs in Kenya
The CISRO Function
The Group Chief Information Security Risk Officer (CISRO) function is instrumental in protecting and ensuring the resilience of Equity Group’s data and IT systems by managing information, cybersecurity, and IT risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the Risk Framework and for instilling a culture of cyber security within the Bank.
The Group CISRO is responsible for ICS governance, strategy, policy, risk assessments, industry partnerships, and regulatory engagement. The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.The Role
This Head of Cyber Risks & Red Team role is highly technical and challenging with opportunities to lead a team that will have a meaningful impact. The is expected to possess a deep understanding of both information security and information technology and should understand concepts including computer networking, web and native application functionality, operating system functionality, cloud services, corporate network environments and operations. He should be able to learn advanced concepts such as endpoint protection evasion, covert operations, and tailored exploit development.
The role leverages previous threat intelligence, and Red Team experience. This may involve delivering Threat Intel-led Red Team exercises, preparing a red team lab infrastructure, developing social engineering test campaigns and the associated collateral, executing phishing campaigns and attempting to compromise internet-facing systems, conducting privilege escalation and lateral movement within the group’s networks, hunting for objectives with little-to-no information provided at hand and attempting to exfiltrate data from the network; all while avoiding detection from the bank’s security operations teams.
The role will require you to perform exploits at scale while remaining stealthy, identify and exploit misconfigurations in the corporate infrastructure, quickly and effectively parse data, present relevant data in a digestible manner, think well outside the box.Responsibilities Responsible for the establishment of the group’s internal second line of defense red teaming capability to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediation.
Perform red team assessments with purple team support, assumed breach assessments, ransomware readiness reviews (assessing susceptibility to modern ransomware threats), threat analysis and social-engineering assessments.
Define relevant key performance indicators and metrics for measuring the maturity of the Group’s security posture from red-teaming and cyber security assurance activities
Provide both subject matter expertise and project management experience to serve as the “point person” for engagements and where required, supervise the scoping of prospective engagements by external vendors, participating in engagements from kickoff to completion.
Interface with the relevant internal and external teams to clarify and provide support to address concerns, issues, or escalations; track and drive to closure any issues that impact the service and its value to the bank’s customers
Develop comprehensive and accurate reports and presentations for both technical and executive audiences
Oversee and manage implementation improvements to the group’s business processes, methodologies, tools, and client communication methods
Provide expert experience building information, cybersecurity and it risk programs to include hands-on implementation and/or assessment of relevant controls
Provide necessary support in investigations, cyber forensic investigation and root cause analysis when required.
Use formal project management skills in planning, tracking, and reporting on project progress
Provide assurance that the first line implements controls to comply with applicable laws and regulations and escalate significant policy and regulatory non-compliance matters and developments to the Group CISRO;
Support the Testing and Assurance team, based thematic reviews, stress tests, regulatory submissions, and Internal and external audit reviews;
Establish and maintain strong relationships with identified stakeholders and understand their strategic goals to ensure ICS alignment
with the articulation of the value of ICS controls and their bottom-line impact;
Represent EGHL in internal and external meetings where required;
Lead all red team assessments and management of ICS risks and reporting outcomes within EGHL and the individual subsidiaries;
Highlight gaps or control weaknesses against security controls and standards, raising concerns to the CISRO and relevant forums;
Provide recommendations and feedback based on ICS testing and assurance experience within EGHL and the subsidiaries;
Provide input into Group wide ICS assessments, reporting, and strategies
People and Talent
Lead through example and help to create the appropriate culture and values.
Work in collaboration with risk and control partners.
Work collaboratively with the CISRO Team
Effective staff management to achieve operational objectives
Agility to manage and balance own time among multiple tasks, and lead junior staff when required
Uphold and reinforce the independence of the second line ICS Risk function.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across EGHL. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Effectively and collaboratively identify, escalate, mitigate, and resolve risk, conduct and compliance matters.
Group Chief Risk Officer and other senior Risk management teams,
Group CISRO, Head of IT and Cyber Security, Group Directors, Group CISO and other senior management
IT Operations risk management and cloud governance heads and teams
Group Internal Audit and other Business stakeholders
Bachelor’s degree in Computer Science, Information and Cyber Security, Technology or equivalent
Minimum of 7 years of relevant in information security or risk management, preferably in Banking and Financial sector, with 5 years hands-on experience in penetration testing red teaming and information assurance assessments
Minimum of at least a CISSP, CISA, CISM or CRISC (at least one) certification
Consistently able to demonstrate or articulate value proposition
Prior positive interaction with C-level executives or senior executive personnel
Candidates will also have one or more of the following;
-Licensed Penetration Tester (LPT)
-Offensive Security Certified Expert (OSCE)
-Offensive Security Evasion Techniques and Breaching Defences (OSEP)
-Offensive Security Advanced Windows Exploitation (OSEE)
-SANS Penetration Testing and Ethical Hacking / Purple Team certifications
Red team operations and purple team delivery, including adversary emulation
Operation of common command and control solutions
Network penetration testing and manipulation of network infrastructure
Shell scripting or automation of simple tasks using common scripting languages
Developing, extending, or modifying exploits, shellcode, or exploit tools
Technical report writing and documentation of red team testing activities
Presentation of technical details to both a technical and executive audiences
Windows, Linux, Unix and/or Mac operating systems including bash and PowerShell
Experience in at least four of the following;
-Email, phone, or physical social-engineering assessments
-Reverse engineering malware, data obfuscators, or ciphers
-Thorough understanding of network protocols, data on the wire, and covert channels
-Threat intelligence analysis
-System administration of corporate environments and networking
-Offensive security project management
-Source code review for control flow and security flaws
-Strong knowledge of tools used for wireless, web application, and network security testing
-Mobile and/or web application assessments
-Technical incident response processes and engagements
Ability to both assess priorities and to focus on work in a structured fashion which delivers results
Sound judgement and anticipation
Strong integrity, independence, and resilience.
For more information and job application details, see; Equity Bank Kenya Head of Cyber Risk & Red Team - Jobs in Kenya
Find daily jobs in Kenya. Jobs - Kenya jobs. Search our career portal & find the latest Kenyan job positions, career opportunities & jobs in Kenya.
Jobs in Kenya - banking jobs, IT jobs, accounting jobs, NGO jobs, business administration, ICT, UN jobs, procurement jobs, education jobs, hospital jobs, human resources jobs, engineering, teaching jobs, and other careers in Kenya.
Find your dream job from 1000s of vacancies in Kenya posted and updated daily - click here!