Application Security Specialist

1. Define, document, and implement software security policy, secure coding practices and guidelines for the bank in line with industry best practices and technologies commensurate with risk and regulatory requirements.
2. Develop, implement, and maintain a software security assurance framework which that shall guide information security team in security and risk assessments of applications, as well as provide security requirements for developers and third parties to adhere to.
3. Lead Information Security involvement in all software and application implementation projects and scrum teams to ensure all applications and changes meet set information security requirements before introduction to production environments.
4. Collaborate with Enterprise Architecture and Business Services & Solutions teams to identify application/software security improvements and plug-in identified security controls in DevOps tools.
5. Perform and coordinate regular trainings on secure coding, software security and application security practices for the development and other KCB technology teams at regular intervals.
6. Collaborate in the continuous monitoring and defense of the Bank’s critical applications, such as core banking, and digital channels, for cybersecurity threat indicators; report on violations and security measures taken to address threats.
7. Identify, integrate, and maintain security tools, such as SAST and DAST tools (Static/Dynamic Application Security Testing), standards, and processes into the software development or product life cycle (SDLC / PLC), and CI/CD pipelines.
8. Participate in performing risk assessments for business solutions for inherent security risks and provide recommendations for addressing such risks.
9. Define, create, and deliver software/application security compliance reports and relevant metrics to the Bank’s Senior Management.
10. Protects the bank’s applications and systems by defining access privileges and other security control structures.

Education:

Particulars Detail Specific Field or Qualification Need Type4 Education Bachelor’s Degree

BSc. Information Technology /

Computer Science / Telecommunications / Engineering (Electrical, Electronic)

RQ   Professional Qualifications

• CDP: Certified DevSecOps Professional
• CSSLP: Certified Secure Software Lifecycle Professional
• CISM: Certified Information Security Manager
• CISA: Certified Information Systems Auditor
• CISSP: Certified Information Systems Security Professional

1 RQ

More than 1

- AA

  Master’s Degree MBA/MSc AA

Experience:

Total Minimum No of Years Experience Required 

                      5 

Detail 

Minimum No of Years 

Need Type[1]

Experience in Information Security 

2 

ES 

Strong Application Security 

knowledge, experience within Secure SDLC and DevSecOps 

1 

ES 

Experience in Banking Operations 

1 

ES 

Experience in Project Implementation and user training 

1 

DE 

 

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up to among other things to enhance the Group’s capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation:  Group Name Change,   Name Change Certificate,  KCB Advise on Non-Operating Holding Company,  KCB Group Structure,  Kenya Gazette Notice.