Information Security Officer At Consolidated Bank Of Kenya

Cigna

Banking / Financial Services full time Nairobi Posted 2 days ago

Consolidated Bank of Kenya Limited was incorporated on 7th December, 1989. This was in an effort to stabilise the financial sector through the acquisition of nine insolvent institutions and thereafter restructuring them into a viable, professionally run commercial bank. The Bank enjoys an independent, dynamic, result-oriented culture and a flexible and innovative approach. We understand the markets in which our clients operate and offer a service built on personalised and specialised banking solutions. We offer one of the widest ranges of banking products and services in the market today.

We realize that a growing business demands a lot of time and energy. We understand these challenges and continuously develop flexible, innovative and convenient financial solutions to help our customers achieve personal and business success. With years of banking experience and special focus on SMEs, we are in a strong position to help growing businesses unlock their potential and sail through the complexities they may face.

The bank is fully owned by the Government with the majority shareholding in the bank (78%) held by The National Treasury. The remaining shareholding is spread over twenty-five (25) parastatals and other quasi-government organizations.

Job Purpose

Reporting to the Information Security Manager, the Information Security Officer will be responsible for safeguarding the Bank’s information assets, systems, networks, and digital infrastructure against cybersecurity threats, unauthorized access, data breaches, and operational risks. The role will support the implementation, monitoring, and continuous improvement of the Bank’s information security framework, policies, standards, and compliance requirements in line with regulatory and industry best practices.

Key Responsibilities

- Developing, implementing, and maintaining the Bank’s information security policies, procedures, standards, and guidelines.
- Monitoring the Bank’s ICT environment to identify, assess, and mitigate cybersecurity risks and vulnerabilities.
- Coordinating information security risk assessments, audits, and compliance reviews.
- Managing security incidents, investigations, reporting, and response activities to minimize operational disruptions and losses.
- Conducting continuous monitoring of network security, endpoint protection, access controls, and data protection measures.
- Supporting implementation and management of cybersecurity tools, systems, and technologies.
- Ensuring compliance with applicable regulatory requirements, data protection laws, and industry security standards.
- Coordinating user access management and reviewing system privileges to ensure appropriate segregation of duties and least privilege principles.
- Conducting staff awareness programs and trainings on information security and cyber hygiene.
- Preparing periodic information security reports, risk dashboards, and incident reports for management review.
- Liaising with internal auditors, external auditors, regulators, and service providers on information security matters.
- Supporting business continuity, disaster recovery, and cyber resilience initiatives within the Bank.
- Keeping abreast of emerging cybersecurity threats, trends, technologies, and best practices and advising management appropriately.
- Participating in implementation of ICT projects to ensure security requirements are integrated into systems and processes.

Qualifications and Competencies

- Bachelor’s degree in Information Technology, Computer Science, Software Engineering, Cybersecurity, Information Systems, or a related field from a recognized institution.
- Professional certifications such as CISA, CISM, CISSP, CEH, CompTIA Security+, ISO 27001 Lead Implementer/Auditor, or related certifications will be an added advantage.
- At least three (3) years relevant work experience in information security, cybersecurity, ICT risk management, or related field, preferably in the banking or financial services sector.
- Demonstrated knowledge of information security frameworks, standards, and regulatory requirements.
- Proficiency in cybersecurity tools, network security, vulnerability management, and incident response processes.