Job Title: IT Risk and Data Protection Assistant Manager

Department: Risk Management

Reports to: IT Risk and Data Protection Manager

Location: Equity Bank HQ.

Job Purpose

The IT risk and Data Protection Assistant Manager will be responsible to oversee and support the bank in identifying, assessing, and mitigating IT and data protection risks while ensuring compliance with data protection laws, internal policies, procedures and security standards.

Key Responsibilities and Accountability

• Identify, assess, and document IT risks across systems, applications, and infrastructure.
• Maintain and update the IT risk register and risk treatment plans.
• Support implementation of risk controls and mitigation measures.
• Monitor risk indicators and report emerging IT risks.
• Support business continuity, disaster recovery, and incident management activities.
• Assist in the definition of the client’s technology risk appetite statements and monitor
• Key Risk Indicators (KRIs) against our technology risk appetite.
• Assist with the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
• Develop on going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
• Monitor bank’s adherence to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
• Inform and advise Equity Bank of their obligations pursuant to the Data Protection Laws.
• Monitor compliance with the Data Protection Laws and with the policies of the data controller or data processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in personal data processing operations, and the related audits.
• Provide advice where requested as regards the data protection impact assessment and monitor its performance.
• Cooperate with the supervisory authority and to act as its contact point on issues relating to processing of personal data, including the prior consultation with the supervisory authority, and to consult, where appropriate, with regard to any other matter.
• Working with key internal stakeholders in the review of projects to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Serving as the primary point of contact for queries in the business in regards to data Protection and Privacy.
• Reviewing Equity vendor contracts and consents needed to implement projects in partnership with the Bank’s Legal and Information Security functions, and ensuring compliance with local regulator requirements.
• Conduct risk assessment related to data handling and ensure the risk register is in place and is updated.
• Serve as the point of contact for our Technology Risk Management & Information Security team.

Key Critical Competence

Behavioural Skills

• Critical thinking and Problem-solving skills with the ability to analyse complex information to identify the key issue/action and drive resolution.
• Excellent organizational skills with attention to detail.
• Excellent interpersonal and communications skills, both orally and in written.
• Ethical and moral skills.
• Have good personal values.

Technical skills

• Knowledge and understanding of modern risk management standards, frameworks and practices.
• Knowledge of national and international regulatory environments and key regulatory regimes.
• Understanding of the national financial industry and business environment.
• Risk intelligence (critical thinking, creativity, and curiosity, research, surveys, interviews, brainstorming, and scenario planning, analysis emerging risk, forward looking).
• Risk ethics (risk culture, risk appetite, risk governance, and risk accountability
• Risk communication (communications skills, good listener, team player, positive attitude is a must, reports preparation, dashboard, presentation and communication about identified risk and control to be implemented).
• Risk ethics (risk culture, risk appetite, risk governance, and risk accountability).
•  Knowledge and experience of best practice Governance, Risk management and Compliance frameworks and methodologies.
• Excellent analytical, statistical and math skills with the ability to interpret vast amounts of performance data and be an IT literate.
• Strong understanding of IT coding, IT information security assessment, IT risk management.
• Interpret the Vulnerability assessment report and penetration Testing report
• Ability to test Incident response plan.
• Ability to conduct IT risk assessment and provide recommendation on identified loopholes.
• Ability to evaluate the IT environment and assess control in place and suggest any
• Improvement.
• Ability to assess adequacy of information security tool

Qualifications, Skills and Key Attributes

• A bachelor’s degree with Second Class upper-level majoring in computer Engineering, IT and information security.
• Minimum of 3 years’ experience in banking, especially in IT risk management.
• Expert knowledge of IT security and risk disciplines and practices
• Professional qualification in IT Risk Management and Data protection risk management is a MUST to have one of the certifications (Certified information system auditor (CISA), Certified Data protection officer (CDPO), Certified Information security manager (CISM)).
• Able to operate in a performance driven organization and culturally aware and adapt at working within multicultural settings.
• Attended Leadership training.

If you meet the above requirements, submit your application quoting the job opportunity you are applying for as subject of your email through the Link below by 11 th February 2026. Please include detailed Curriculum Vitae (in Word version or Pdf version not Pdf image), copies of the relevant certificates, testimonials, and daytime telephone contact and email address.

Only short-listed candidates will be contacted.

Link: https://equitybank.taleo.net/careersection/int_new/jobsearch.ftl?ftlcompclass=LoginComponent&lang=en

Equity Bank is an equal opportunity employer. We value the diversity of individuals, ideas, perspectives, insights, values and what they bring to the workplace.