IT Governance Officer at Equity Bank Kenya
Key Responsibilities:
1. IT Governance Framework Development and Management:
· Design, implement, and continuously improve the bank’s IT governance framework in alignment with recognized standards such as COBIT, ITIL, and ISO/IEC 27001.
· Develop and maintain IT governance policies, procedures, standards, and guidelines to ensure consistent and controlled IT operations across the organization.
· Establish governance structures including IT steering committees, governance boards, and review mechanisms to oversee IT decision-making and accountability.
· Ensure IT strategies and investment decisions are aligned with the bank’s overall business goals and long-term strategic plan.
2. IT Risk Management and Compliance:
· Lead the identification, assessment, and monitoring of IT-related risks, and maintain an up-to-date IT risk register in accordance with the bank’s enterprise risk management framework.
· Ensure IT operations comply with applicable regulatory requirements, including Central Bank directives, PCI DSS, ISO 27001, GDPR, and other relevant standards.
· Coordinate and facilitate IT-related internal and external audits, regulatory inspections, and compliance assessments, ensuring timely and accurate responses to findings.
· Monitor the implementation of audit recommendations and regulatory directives, tracking remediation progress and reporting status to senior management.
· Conduct regular IT compliance reviews and gap analyses to proactively identify areas of non-compliance and implement corrective actions.
3. IT Policy and Standards Administration:
· Develop, review, and maintain all IT-related policies, procedures, and standards, ensuring they remain current, relevant, and aligned with regulatory and business requirements.
· Drive the periodic review and update cycle for IT policies, facilitating approval through appropriate governance channels.
· Monitor adherence to IT policies and standards, reporting exceptions and non-compliance incidents to relevant stakeholders.
4. IT Performance Monitoring and Reporting:
· Define, implement, and monitor key performance indicators (KPIs) and key risk indicators (KRIs) for IT operations to measure performance against established targets.
· Prepare and present regular IT governance reports and dashboards for senior management, the Board, and relevant committees, providing insights into IT performance, risk posture, and compliance status.
· Conduct IT maturity assessments and benchmarking exercises to evaluate the effectiveness of the IT governance framework and identify improvement opportunities.
5. IT Asset and Vendor Governance:
· Oversee the IT asset lifecycle management process, ensuring proper acquisition, utilization, maintenance, and disposal of IT assets in line with policy and regulatory requirements.
· Support the governance of third-party IT vendors and service providers, including contract reviews, SLA monitoring, and periodic vendor risk assessments.
· Ensure IT procurement decisions adhere to the bank’s procurement policies, approval frameworks, and value-for-money principles.
6. Information Security Governance:
· Collaborate with the IT Security team to ensure that information security policies, controls, and practices are embedded within the overall IT governance framework.
· Participate in the review and approval of security incident response plans and business continuity procedures from a governance perspective.
7. Stakeholder Engagement and Advisory:
· Act as a trusted advisor to senior management, IT leadership, and business units on IT governance, risk, and compliance matters.
· Facilitate training and awareness programs to promote understanding of IT governance principles, policies, and responsibilities across the organization.
· Liaise with regulatory bodies, external auditors, and industry peers to stay abreast of emerging regulatory requirements and governance best practices.
· Support the IT department in embedding governance considerations into project planning, change management, and service delivery processes.
8. Documentation and Records Management:
· Maintain a comprehensive repository of IT governance documentation, including policies, risk registers, audit logs, compliance records, and committee minutes.
· Ensure all governance-related records are maintained accurately and are readily accessible for internal reviews, audits, and regulatory inspections.
· Produce high-quality governance reports, briefing papers, and presentations for Board-level and executive audiences.
· Maintain version control and change history for all governance documents to ensure traceability and accountability.
Qualifications:
Education:
• Bachelor’s degree in Computer Science, Information Technology, Information Management, or a related field.
• A postgraduate qualification in IT Governance, Risk Management, or a related discipline is an added advantage.
Experience:
• Minimum of 5 years of experience in IT governance, IT risk management, or IT compliance, preferably within the banking or financial services sector.
• Demonstrated experience in developing and implementing IT governance frameworks (e.g., COBIT, ITIL, ISO 38500).
• Proven experience working with internal and external auditors, as well as regulatory bodies, in an IT governance or compliance capacity.
Certifications (Preferred):
• ITIL Foundation Certification or higher
• ISO/IEC 27001 Lead Implementer or Lead Auditor
• Certified Information Systems Auditor (CISA) — ISACA
Technical Skills:
• Strong knowledge of IT governance frameworks and standards including COBIT, ITIL, ISO 38500, ISO/IEC 27001, and NIST.
• Understanding of banking regulatory requirements and technology-related compliance obligations (e.g., PCI DSS, GDPR, Central Bank IT regulations).
• Working knowledge of IT project management methodologies (e.g., PRINCE2, PMP) and their governance implications.






