IT Governance Officer at Equity Bank Kenya

IT Governance Officer at Equity Bank Kenya

Key Responsibilities:

1. IT Governance Framework Development and Management:

· Design, implement, and continuously improve the bank’s IT governance framework in alignment with recognized standards such as COBIT, ITIL, and ISO/IEC 27001.

· Develop and maintain IT governance policies, procedures, standards, and guidelines to ensure consistent and controlled IT operations across the organization.

· Establish governance structures including IT steering committees, governance boards, and review mechanisms to oversee IT decision-making and accountability.

· Ensure IT strategies and investment decisions are aligned with the bank’s overall business goals and long-term strategic plan.

2. IT Risk Management and Compliance:

· Lead the identification, assessment, and monitoring of IT-related risks, and maintain an up-to-date IT risk register in accordance with the bank’s enterprise risk management framework.

· Ensure IT operations comply with applicable regulatory requirements, including Central Bank directives, PCI DSS, ISO 27001, GDPR, and other relevant standards.

· Coordinate and facilitate IT-related internal and external audits, regulatory inspections, and compliance assessments, ensuring timely and accurate responses to findings.

· Monitor the implementation of audit recommendations and regulatory directives, tracking remediation progress and reporting status to senior management.

· Conduct regular IT compliance reviews and gap analyses to proactively identify areas of non-compliance and implement corrective actions.

3. IT Policy and Standards Administration:

· Develop, review, and maintain all IT-related policies, procedures, and standards, ensuring they remain current, relevant, and aligned with regulatory and business requirements.

· Drive the periodic review and update cycle for IT policies, facilitating approval through appropriate governance channels.

· Monitor adherence to IT policies and standards, reporting exceptions and non-compliance incidents to relevant stakeholders.

4. IT Performance Monitoring and Reporting:

· Define, implement, and monitor key performance indicators (KPIs) and key risk indicators (KRIs) for IT operations to measure performance against established targets.

· Prepare and present regular IT governance reports and dashboards for senior management, the Board, and relevant committees, providing insights into IT performance, risk posture, and compliance status.

· Conduct IT maturity assessments and benchmarking exercises to evaluate the effectiveness of the IT governance framework and identify improvement opportunities.

5. IT Asset and Vendor Governance:

· Oversee the IT asset lifecycle management process, ensuring proper acquisition, utilization, maintenance, and disposal of IT assets in line with policy and regulatory requirements.

· Support the governance of third-party IT vendors and service providers, including contract reviews, SLA monitoring, and periodic vendor risk assessments.

· Ensure IT procurement decisions adhere to the bank’s procurement policies, approval frameworks, and value-for-money principles.

6. Information Security Governance:

· Collaborate with the IT Security team to ensure that information security policies, controls, and practices are embedded within the overall IT governance framework.

· Participate in the review and approval of security incident response plans and business continuity procedures from a governance perspective.

7. Stakeholder Engagement and Advisory:

· Act as a trusted advisor to senior management, IT leadership, and business units on IT governance, risk, and compliance matters.

· Facilitate training and awareness programs to promote understanding of IT governance principles, policies, and responsibilities across the organization.

· Liaise with regulatory bodies, external auditors, and industry peers to stay abreast of emerging regulatory requirements and governance best practices.

· Support the IT department in embedding governance considerations into project planning, change management, and service delivery processes.

8. Documentation and Records Management:

· Maintain a comprehensive repository of IT governance documentation, including policies, risk registers, audit logs, compliance records, and committee minutes.

· Ensure all governance-related records are maintained accurately and are readily accessible for internal reviews, audits, and regulatory inspections.

· Produce high-quality governance reports, briefing papers, and presentations for Board-level and executive audiences.

· Maintain version control and change history for all governance documents to ensure traceability and accountability.

Qualifications:

Education:

• Bachelor’s degree in computer science, Information Technology, Information Management, or a related field.

• A postgraduate qualification in IT Governance, Risk Management, or a related discipline is an added advantage.

Experience:

• Minimum of 5 years of experience in IT governance, IT risk management, or IT compliance preferably within the banking or financial services sector.

• Demonstrated experience in developing and implementing IT governance frameworks (e.g., COBIT, ITIL, ISO 38500).

• Proven experience working with internal and external auditors, as well as regulatory bodies, in an IT governance or compliance capacity.

Certifications (Preferred):

• ITIL Foundation Certification or higher

• ISO/IEC 27001 Lead Implementer or Lead Auditor

• Certified Information Systems Auditor (CISA) — ISACA

Technical Skills:

• Strong knowledge of IT governance frameworks and standards including COBIT, ITIL, ISO 38500, ISO/IEC 27001, and NIST.

• Understanding of banking regulatory requirements and technology-related compliance obligations (e.g., PCI DSS, GDPR, Central Bank IT regulations).

• Working knowledge of IT project management methodologies (e.g., PRINCE2, PMP) and their governance implications.