DEPUTY MANAGER, IT RISK AND COMPLIANCE IN RISK AND COMPLIANCE DIVISION, STRATEGY AND RISK DEPARTMENT

Job Purpose

This role provides independent oversight and challenge of technology and cyber risks across the Bank. The role strengthens the IT risk management framework and control environment by ensuring alignment with best practice standards, regulatory expectations, and the Bank’s risk appetite. It involves proactive risk identification, assurance activities, and engagement with stakeholders to embed a risk-aware culture in technology decision-making.

Key Duties and Responsibilities

1. Provide expert risk advice on existing technology and cyber risks, including digital transformation initiatives, cloud, and AI.

2. Identify emerging technology and cyber risks and assess their potential impact on the Bank’s operations and mandate.

3. Support and challenge first-line enterprise technology risk assessments, ensuring completeness, accuracy and alignment with the Bank’s risk appetite.

4. Perform independent design reviews of key IT general controls, including access management, segregation of duties, change management and configuration controls.

5. Review IT risk policies, standards and guidelines aligned to ISO, NIST and other relevant frameworks.

6. Review the effectiveness of incident and problem management processes, supporting root cause analysis and identification of control improvements.

7. Engage with IT and business stakeholders to promote risk-aware decision-making.

8. Prepare clear and insightful IT risk reports for governance forums, tracking remediation actions to closure.

Qualifications

1. Bachelor’s degree in Information Technology, Computer Science, Information Systems or related discipline.

2. Professional certifications such as CISA, CRISC or equivalent is mandatory.

3. Additional training in cyber security is an added advantage.

Work Experience

Minimum of five (5) years’ experience in IT risk, cyber risk, IT audit or technology assurance roles in an

organization of similar size and complexity.

Competencies

Technical Competencies

1. Proficiency in IT risk frameworks (ISO, NIST, COBIT) and cyber security principles.

2. Proficiency risk management, including the identification of technology risks at both the departmental and bank-wide levels, and developing corresponding mitigation measures.

Behavioural / General Competencies

3. Proactive, self-driven, and committed to divisional objectives.

4. Excellent interpersonal and stakeholder management skills.

5. Strong problem-solving and organizational abilities.

6. High integrity, professionalism, and adherence to CBK values.

7. Strong communication skills (oral and written).

Candidates are requested to note that:

• INCOMPLETE applications will not be considered.
• Only shortlisted candidates will be contacted.