
Senior Manager – Information Security Governance, Data Protection and Compliance at HFC Limited

Expired
Job Overview
Employment FullTime
Location Nairobi Kenya
Experience At least 7 years
Education Level Bachelor's Degree

Senior Manager – Information Security Governance, Data Protection and Compliance

HFC Limited, the banking and property finance subsidiary of HF Group, has an exciting opportunity in our ICT Department. We are seeking a talented, dynamic, self-driven, and results-oriented individual who is committed to performance, excellence, and participating in our growth strategy.

This role will drive the governance and compliance responsibilities of the ICT Security function by establishing the appropriate information technology and information security policy frameworks, driving compliance with best-practice standards, and ensuring that risk is effectively managed and embedded within all ICT domains across the organization.

The role will steer the organization towards full compliance with the provisions of the Kenya Data Protection Act 2019 and any other related data protection/privacy laws.

This role will also manage the Business Continuity program for ICT, ensuring that ICT services are available to the business and customers in the event of any unforeseen disruption, within the agreed service levels (RPO and RTO).

Deadline: 2026-01-07

Category: Technology, Services & Operations

Subsidiary: HFC

Principal Accountabilities

A: Information Security Governance, Data Protection and Compliance Requirements

  • Data Protection and Privacy (30%) – Facilitate data privacy through transparent data protection policies, procedures and systems. Additionally, the role shall:
    o Act as point of contact with any supervisory authorities and internal teams on data processing-related issues
    o Identify and evaluate the organization’s data processing activities
    o Provide guidance in conducting Data Protection Impact Assessments (DPIAs)
    o Inform and advise the organization (as data controller/data processor) and employees involved in data processing of their obligations under the Data Protection Act and other applicable regulations
    o Monitor compliance with the Data Protection Act, as well as internal policies related to data protection activities, including awareness, training, and internal audits
    o Co-operate with the Data Commissioner and any other authority on matters relating to data protection
  • Information Security Management System (ISMS) Benchmarking with industry best practice/standards (10%)
    o Provide guidance to ICT and drive technology best practices (COBIT, ISO 27001, PCI DSS), while embedding these in the ICT policies and practices.
  • Regulatory Compliance (10%) – Keep up to date with regulatory guidelines (e.g. CBK Prudential Guidelines) affecting information technology and information security, and continuously update the organization’s policies, standards and procedures
  • Risk & Audit Management (20%)
    o Manage risk management tools and practices within ICT, including Risk and Control Self-Assessments (RCSA) and ICT risk registers, across the organization.
    o Manage and act as the key liaison for all internal and external ICT and IS audit and risk assessment engagements across the organization.
    o Track and report on ICT audit and risk findings, including managing ICT management forums for discussion and reporting of these findings.
    o Manage the Information Security Awareness program across the organization and with external stakeholders, including awareness trainings, tools and reporting.
    o Act as risk champion for the ICT department
  • Business Continuity Planning (10%)
    o Manage the ICT Business Continuity Program across the organization.
    o Manage the ICT Business Impact Analysis process and its outputs.
    o In liaison with other ICT stakeholders, maintain up-to-date disaster recovery plans and ensure that recovery procedures are effective for restoring key ICT systems, and therefore for resuming critical business processes.
    o Manage Disaster Recovery and backup testing schedules, reporting and remedial actions.
    o Regularly monitor and report on any significant gaps in ICT business continuity practices, including data replication and backups.

B: Cybersecurity Assurance Requirements

  • System user access management (10%) – Maintain a robust program for system user access management.
  • Business projects assurance (10%)
    o Participate in and contribute to developing and supporting progressive ICT practices (e.g. agile, DevOps)
    o Provide ICT security assurance to business projects to ensure that any new products, services, channels and other ICT changes introduced meet the security compliance threshold.

Key Competencies and Skills

Technical Competencies

  • Knowledge to develop and manage Information Security strategy and policy frameworks.
  • Technical skills to effectively perform IS security management activities/tasks in a manner that consistently achieves established quality standards or benchmarks.
  • Knowledge of the Kenya Data Protection Act (2019) and related laws as well as applicable CBK Prudential Guidelines on data protection and privacy.
  • Knowledge to develop and manage Business Continuity and Disaster Recovery plans and processes.
  • Knowledge and effective application of all relevant banking policies, processes, procedures and guidelines to consistently achieve required compliance standards or benchmarks.
  • Knowledge and application of modern IS security management practices and best practice compliance standards in financial services industry, to proactively define and implement security quality improvements in line with technological and product changes.
  • Performance management to optimise personal and team productivity.

Behavioural Competencies:

  • Interpersonal skills to effectively communicate with and manage expectations of all team members and other stakeholders who impact performance.
  • Self-empowerment to enable the development of open communication, teamwork and trust that are needed to support true performance and a customer-service-oriented culture.
  • Demonstrable integrity and ethical practices.

Minimum Qualifications, Knowledge and Experience

Ideal Job Specifications

  • Bachelor’s Degree in Information Systems, Computer Science, Information Security or a related field required
  • At least 7 years’ experience in IT, Information Security or IT Governance, with 2 years in a managerial role within a highly digitized organization.
  • 3+ years’ experience conducting IT compliance assessments or IT governance and assurance/compliance assessments in an organization
  • Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management and Business Continuity/Disaster Recovery.
  • Knowledge of information security best practice & compliance standards.
  • Knowledge and experience in audit management and reporting
  • Knowledge of relevant CBK Prudential Guidelines and laws applicable to data protection and privacy.
  • Prior experience working within a financial services organization will be an added advantage

