Information Risk Analyst – KCB Bank Kenya

About KCB Bank Kenya
Kenya Commercial Bank (KCB) is a diversified financial services group and the largest commercial bank in Kenya. Established as a non-banking holding company in January 2016, it oversees KCB Kenya and regional subsidiaries in Uganda, Tanzania, Rwanda, Burundi, Ethiopia, and South Sudan. The group also manages affiliated entities such as KCB Insurance Agency, KCB Capital, and the KCB Foundation. The holding structure supports operational flexibility, improved access to capital, and strategic autonomy for subsidiaries, while strengthening governance and risk oversight.

Information Risk Analyst
Location: Kisumu, Kenya (Remote)
Job Type: Contract
Qualification: BA/BSc/HND, Diploma
Experience: Minimum 5 years
Job Field: ICT / Computer
Language Requirement: English
Compensation: Estimated KES 380,000 per month (task-based, dependent on deliverables)

As an Information Risk Analyst, you will be responsible for identifying, assessing, and managing risks related to the bank’s information systems. You will provide expert advice on security best practices during system development, conduct vulnerability assessments, and coordinate risk mitigation strategies across the organization and its subsidiaries. This role ensures compliance with internal security frameworks and enhances the institution’s resilience against evolving cyber threats.

Key Responsibilities
- Conduct regular IT risk assessments to detect potential vulnerabilities and ensure mitigation strategies are implemented effectively.
- Provide security guidance during the development of applications and e-products to embed risk management principles early in the lifecycle.
- Evaluate operating systems, web applications, and databases for security risks and prepare actionable reports for management.
- Assess logical and physical access controls to maintain robust system security.
- Participate in penetration testing exercises to identify and address vulnerabilities within the bank’s IT infrastructure.
- Review and authorize deployment of new systems to the live environment, ensuring security controls are in place.
- Manage self-assessments, gap analyses, and risk acceptances in collaboration with internal teams and compliance units.
- Liaise with Risk Heads in regional subsidiaries to align risk mitigation efforts with Group standards.
- Stay ahead of emerging threats and collaborate with IT teams to reinforce the cybersecurity posture across all platforms.

Candidate Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- Recognized professional certifications such as CISSP, CISA, CISM, or CRISC.
- A Master’s degree is an added advantage.
- Minimum 4 years’ experience in IT-related roles, including 2 years in information risk management, 2 years in systems auditing, and 2 years in information security.
- At least 1 year of experience in digital forensics is preferred.
- Proficiency in change and project management processes is also essential.