Analyst – Awareness, Enterprise Reporting & Analytics at Equity Bank Kenya

Job Description

Job Purpose:   

The role holder will be responsible for overseeing the security awareness and education program in the Bank to ensure the employees understand security requirements and reduce organizational risk and exposure by behaving in a secure manner.   Additionally, he/she will oversee the development of cybersecurity reporting and metrics for different stakeholders in the Bank. 

Job Responsibilities/ Accountabilities: 

Enterprise Reporting and Analytics: 

• Identifies, defines, gathers, and reports cybersecurity risk metrics that are important to business leaders in collaboration with technical employees and other key stakeholders. 
• Develop executive-level cybersecurity reports and communication to enable risk-informed business decision-making. 
• Ensure written deliverables are clear, comprehensive, error-free, and tailored to various audience levels, including executive audiences. 
• Oversee the efforts to verify the correctness of executive reports that contain numerous data points of various categories through quality control. 
• Coordinate proactively with stakeholders on metrics, reporting, and other tasks.  
• Assist in the implementation of processes and procedures for cybersecurity reporting and metrics activities. 
• Contribute towards process improvement of team processes, templates and tools. 
• Provide input to cybersecurity reporting and dashboards. 
• Researches best practices and innovative approaches to enable assessment and communication of cybersecurity risk and metrics. 

Information Security Awareness: 

• Develop an information security awareness program for the bank that meets all industry regulations, standards and compliance requirements. 
• Implement the awareness program within the bank using appropriate and engaging mechanisms for the audience. 
• Continuously identify top human risks and align the security program to change these behaviours. 
• Create metrics, measure and report adherence to the information security policies and standards. 
• Conduct regular awareness and education benchmarking with other companies and organizations within and outside the industry

Qualifications

Knowledge and Experience:

• Bachelor’s Degree/Diploma/Certificate in Information Technology, Information Security/Assurance, Engineering or a similar area of study 
• Relevant industry certifications (e.g. CISA, CRISC, CISM, etc.) will be advantageous 
• Minimum 3 years of experience in conducting awareness and/or implementing educational initiatives 
• Minimum 3 years in report writing and dashboard visualization. 
• Minimum 3 years of experience in a business or technology environment 
• Project management experience   
• Understanding of information security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. will be advantageous. 
• Knowledge of industry-standard frameworks (ISO 27000, NIST, PCI DSS) will be advantageous. 
• Ability to effectively provide a briefing to the business stakeholders regarding ongoing security incidents and threat levels. 

Key Critical Competencies 

• Proficient in the preparation of reports, dashboards and documentation 
• Excellent written and verbal communication ability 
• Aptitude for effectively conveying complex information 
• Ability to handle high-pressure situations with key stakeholders 
• Good analytical skills, problem solving and interpersonal skills 
• Ability to plan and manage complex, organization-wide programs 
• Ability to prioritize and consistently meet deadlines 
• Good research skills 
• Ability to work late on critical tasks when required

Role Complexity:   

• Exceptional attention to detail and the capacity to combine information from several sources and condense it into language suitable for a range of audiences in at least 13 technology domains in at least 7 markets of Equity Group

Budgets/ Financial Input:

• Assist with the management of security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX and OPEX Plans, and tracking spending throughout the year 
• Manage awareness and reporting initiatives budgets in line with business objectives 
• Drive initiatives that will ensure that the “cost of operations” is reduced, in line with a least-cost operating strategy stemming from the business drivers