Society Vision: To redefine financial wellness

Stima DT Savings and Credit Cooperative Society Limited (Stima Sacco) is a leading country-wide, fast-growing and licensed DTS (Deposit Taking Sacco). In order to achieve the planned growth, the Sacco is looking for a qualified and competent person to fill the following vacancy:

ICT RISK & QUALITY ASSURANCE OFFICER

Reporting to the Head of Risk, the job holder will be responsible for management of the Society’s ICT Risk Framework and its associated controls, including Business Continuity and Disaster Recovery.

Key Duties and Responsibilities

  1. Develop and Operationalize the Sacco’s ICT Risk Management Framework.
  2. Conduct ICT Vulnerability and Penetration Tests and follow up on implementation of appropriate safeguards for identified vulnerabilities.
  3. Spearhead the Cyber Security efforts in the Society jointly with ICT team and conduct continuous awareness for staff.
  4. Conduct ICT Projects and Product Risk Assessments and Quality Assurance and report to the Management.
  5. Review the adherence to and/or compliance with the Society Disaster Recovery Policy and conduct regular disaster recovery tests of the Disaster Recovery (DR) site.
  6. Champion review of the Society’s Business Continuity Management (BCM) Policy and its implementation to fit the required standards and/or best practices.
  7. Review and monitor on a continuous basis adherence to and compliance with Society ICT policies, assessing the adequacy and effectiveness of ICT General and Application controls.
  8. Conduct regular system data analytical reviews to identify and escalate exceptions about Society policies and procedures.
  9. Participate in appropriate Application System Testing activities including the implementation of the Society’s Business Intelligence module.
  10. Participate in conduct of Society-wide Risk Awareness Training for all Departments and Branches at the Society with specific emphasis on system based risk and control issues.
  11. Participate in conduct of Society-wide (Departmental, Branch, Project and Product- level) Risk Assessments and accompanying Risk Response Action Plans.
  12. Participate in development and Implementation of a Risk Monitoring and Reporting Framework for monitoring the implementation of the RAF and the Society-wide Risk Response Plans.
  13. Participate in initiation of the development and implementation of a Risk Management Dashboard with emphasis on ICT based parameters.
  14. Monthly and quarterly reporting to the Management Risk Committee and the Board Audit Risk and Compliance Committee respectively.
  15. Suggest methods to improve ICT risk analysis and reporting to the Management Risk Committee and the Board Risk Committee.

Skills and Qualifications

  • A Bachelor’s degree in Computer Science, Business and ICT or related field from a recognized University.
  • Possess a professional qualification such as CEH, CISSP, CRISC, CISA, CISM or in another related field.
  • Certifications in ICT Security, Audit and Risk Management and/or other relevant training shall be an added advantage.
  • A minimum of five (5) years working experience in ICT, Banking Operations, Audit, Risk Management and/or Compliance practices, with at least two (2) in ICT Security environment.
  • Comprehensive understanding of ICT Project Management, Quality Assurance, Cyber Security, Secure Application Development, Business Continuity and Disaster Recovery concepts.
  • Comprehensive knowledge of ERM concepts, operations and ICT risk management concepts.
  • High analytical skills to be able to challenge status quo based on qualitative facts and impacts.
  • Demonstrate excellent report writing and presentation skills.
  • The candidate should be of the highest ethical standards, integrity and professionalism.

Qualified applicants should send their Application Letter and Detailed CVs to [email address not shown] on or before 5pm on 1st October 2019, indicating the position applied for as the subject line.

Only Shortlisted Candidates will be contacted.
