Description

The IT risk and Data Protection Assistant Manager will be responsible to oversee and support the bank in identifying, assessing, and mitigating IT and data protection risks while ensuring compliance with data protection laws, internal policies, procedures and security standards.

Key Responsibilities and Accountability

• Identify, assess, and document IT risks across systems, applications, and infrastructure.
• Maintain and update the IT risk register and risk treatment plans.
• Support implementation of risk controls and mitigation measures.
• Monitor risk indicators and report emerging IT risks.
• Support business continuity, disaster recovery, and incident management activities.
• Assist in the de­finition of the client’s technology risk appetite statements and monitor Key Risk Indicators (KRIs) against our technology risk appetite.
• Assist with the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
• Develop on going technology risk reporting, monitoring key trends and de­fining metrics to regularly measure control effectiveness for own area.
• Monitor bank’s adherence to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
• Inform and advise Equity Bank of their obligations pursuant to the Data Protection Laws.
• Monitor compliance with the Data Protection Laws and with the policies of the data controller or data processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in personal data processing operations, and the related audits.
• Provide advice where requested as regards the data protection impact assessment and monitor its performance.
• Cooperate with the supervisory authority and to act as its contact point on issues relating to processing of personal data, including the prior consultation with the supervisory authority, and to consult, where appropriate, with regard to any other matter.
• Working with key internal stakeholders in the review of projects to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Serving as the primary point of contact for queries in the business in regards to data Protection and Privacy.
• Reviewing Equity vendor contracts and consents needed to implement projects in partnership with the Bank’s Legal and Information Security functions, and ensuring ­compliance with local regulator requirements.
• Conduct risk assessment related to data handling and ensure the risk register is in place and is updated.
• Serve as the point of contact for our Technology Risk Management & Information Security team.

Qualifications

• A bachelor’s degree with Second Class upper-level majoring in computer Engineering, IT and information security.
• Minimum of 3 years’ experience in banking, especially in IT risk management.
• Expert knowledge of IT security and risk disciplines and practices
• Professional quali­fication in IT Risk Management and Data protection risk management is a MUST to have one of the certifications (Certi­fied information system auditor (CISA), Certified Data protection officer (CDPO), Certified Information security manager (CISM)).
• Able to operate in a performance driven organization and culturally aware and adapt at working within multicultural settings.
• Attended Leadership training.

Organization: Institutional Banking.

Employment Type: Regular

Job Level: Non-Management

Job Shift: Day Job

Job Posting: Feb 3, 2026, 5:19:17 PM

• Identify, assess, and document IT risks across systems, applications, and infrastructure.
• Maintain and update the IT risk register and risk treatment plans.
• Support implementation of risk controls and mitigation measures.
• Monitor risk indicators and report emerging IT risks.
• Support business continuity, disaster recovery, and incident management activities.
• Assist in the de­finition of the client’s technology risk appetite statements and monitor Key Risk Indicators (KRIs) against our technology risk appetite.
• Assist with the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
• Develop on going technology risk reporting, monitoring key trends and de­fining metrics to regularly measure control effectiveness for own area.
• Monitor bank’s adherence to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
• Inform and advise Equity Bank of their obligations pursuant to the Data Protection Laws.
• Monitor compliance with the Data Protection Laws and with the policies of the data controller or data processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in personal data processing operations, and the related audits.
• Provide advice where requested as regards the data protection impact assessment and monitor its performance.
• Cooperate with the supervisory authority and to act as its contact point on issues relating to processing of personal data, including the prior consultation with the supervisory authority, and to consult, where appropriate, with regard to any other matter.
• Working with key internal stakeholders in the review of projects to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Serving as the primary point of contact for queries in the business in regards to data Protection and Privacy.
• Reviewing Equity vendor contracts and consents needed to implement projects in partnership with the Bank’s Legal and Information Security functions, and ensuring ­compliance with local regulator requirements.
• Conduct risk assessment related to data handling and ensure the risk register is in place and is updated.
• Serve as the point of contact for our Technology Risk Management & Information Security team.

• Expert knowledge of IT security and risk disciplines and practices
• Data protection laws compliance
• Risk assessment and management
• Business continuity and disaster recovery planning
• Incident management
• Technology risk reporting
• Internal policy adherence
• Enterprise frameworks and methodologies
• Data protection impact assessment
• Vendor contract review

• A bachelor’s degree with Second Class upper-level majoring in computer Engineering, IT and information security.
• Professional quali­fication in IT Risk Management and Data protection risk management is a MUST to have one of the certifications (Certi­fied information system auditor (CISA), Certified Data protection officer (CDPO), Certified Information security manager (CISM)).
• Attended Leadership training.