New Vacancies at Equity Bank Kenya – May 2024

Talent Operations- Product House

Job Purpose 

The role will be responsible for developing and implementing strategies to maximize utilization across the delivery teams in the Product House, track time and cost associated with ongoing projects from a talent perspective and manage relationships with Talent Vendors.

Job Overview 

The Talent Operations function is responsible for coordinating Talent Requirements between the Product House and the HR Team. This role involves working with Delivery teams to identify Talent Requirements based on the Project Pipeline(s), managing a Talent Database containing all Talent Biodata and task allocation. The Talent Operations Head plays a pivotal role in aligning HR and operations functions with the organization’s goals, ensuring efficiency, and maintaining compliance.


Talent Management & Acquisition: 

  • Maintaining a database with all Talent details, and updating as and when necessary, based on team or project reassignment, promotions and/or role changes, Contract end date, etc.
  • Working with the Recruiting team from HR to onboard required Talent in alignment with the Delivery Team requirements and the overall Organization objectives.


  • Reporting to various stakeholders on multiple tracking metrics regarding the Talent pool, and open roles.

Vendor Management: 

  • Build and maintain relationships with existing and new vendors, and advise on which roles and/or project types can be outsourced to which vendors based on their strengths and capabilities.
  • Coordinate time sheets.

Operations Management: 

  • Oversee administrative and operational functions, such as facilities management, procurement, vendor relationships, and office services.
  • Ensure efficient and cost-effective operations.
  • Track expenses, identify cost-saving opportunities, and report on financial performance.

Training and Development: 

  • Coordinate, together with the HRBP, employee training and development programs to enhance skills and knowledge.
  • Identify opportunities for continuous learning and growth.

Employee Relations: 

  • Manage employee relations, address concerns, and ensure a positive workplace culture.
  • Develop and enforce Group policies and procedures.



  • A bachelor’s degree in business administration, human resources, management, or a related field.


  • Five (5) years of relevant experience in HR management, operations management, workforce planning, demand planning or a related field.
  • Experience with Smart-sheets will be an added advantage.
  • Experience in a Technology environment will be an added advantage.


  • Strong understanding of HR principles, practices, and employment laws.
  • Knowledge of operations management, process improvement, cost control and demand planning.


  • Strong leadership and managerial skills.
  • Excellent communication and interpersonal skills.
  • Excellent influencing skills
  • Analytical and problem-solving abilities.
  • Advanced Spreadsheet skills
  • Financial management and budgeting skills.
  • Proficiency in using technology and software relevant to HR and operations.


Senior Manager, Security Governance & Technical Assurance


Mission/ Core purpose of the Job: 

This role is responsible for embedding and maintaining technical security control requirements across the Equity network, infrastructure and systems.

Responsibilities include ensuring that appropriate security controls are implemented in the organisation by continuously reviewing and updating the policies, operational technology and security processes and standards in alignment with the latest global threats, ensuring optimal performance of the services and identifying control efficiencies in how security is operated across all domains. The incumbent will also perform continuous technical security assurance on all Technology service areas to ensure audit compliance and minimized risk exposure.


  • The individual needs to be able to work in a highly pressured planning and operational banking and technology environment
  • ISO 27001, OWASP, NIST, SANS and POPI
  • Fast changing, regulated business environment.
  • Security is managed cross business and IT functions, in at least 7 markets

The Group Information Security area has to deal with the rapid advancement of systems and technology within the following areas:

  • Various Technology platforms enabling many business and banking functions
  • Dealing with an environment that is highly regulated and legislated
  • 3rd Parties and the driving of these through supplying vendors fully fledged and detailed specifications and driving them in the fulfilment of these Requirement for single version of the truth across Equity Group
  • High data volumes

Key Performance Areas: Core, essential responsibilities / outputs of the position (KPA’s)

Technical Excellence:

  • Provide assurance that Equity Group’s assets are effectively managed and monitored to meet Equity security requirements – first-line management assurance.
  • Analyse known and emerging threats to determine risks against Equity assets.
  • Review and document Information Security Policies, Processes and Procedures and meet governance in terms of legislative and audit requirements and provide consultation to business with regard to this.
  • Identification and management of information security risks within Equity by identifying, defining and maintaining the information security policy and functional standards for the organisation.
  • Create and continuously review security governing principles to guide information, technology, and solution decision making for Equity
  • Develop Group’s Critical Controls and Compliance universe, and drive the implementation of control mechanisms, which enable Information Security function to effectively manage the true status of information security within Equity.
  • Report on mitigating actions required to correct or remedy actions where necessary and inform IT Teams and relevant Business units of any significant changes and risk situations.
  • Consult to projects in terms of identifying risks, vulnerabilities and controls.
  • Perform first-line Security Assessments on internal environments and 3rd party environments, with the purpose of identifying shortcomings which pose a risk to Equity and drive remedial actions.
  • Coordinate reporting and action plans in the event that a security incident does occur
  • Conduct monthly security service/ posture reviews across the environment and present reports to the relevant subsidiaries, business units and governance committees.
  • Represent Information Security in the relevant business areas in Equity as well as various IT/ risk or Security committees and forums within Equity.
  • Provide on-going subject matter expert level consultation to Equity project and operational teams, application owners, and other technology and network teams on relevant security controls requirements.
  • Ensure optimal performance of the security services and identify control efficiencies in how security is operated across all security domains.
  • Track and drive implementation of Technical Security Standards across the technology platforms.
  • Review and track all risk accepted and exception items and assist to build and manage the security compliance universe. Consult to projects (Business and Technology) in terms of identifying risks and specific vulnerabilities and controls for new implementations.

Operational Delivery:

  • Perform first-line management assurance on technical controls to minimise audit impact and risk exposure
  • Model threats and risks as well as the controls necessary to mitigate them, on both an organisational and technical level – thinking like a malicious
    hacker, understanding and anticipating the moves and tactics that a hacker might use to attack Equity systems.
  • Work closely with the Technology teams to identify and select the right security controls to protect Equity’s network & IT infrastructure, cloud and IoT
    solutions: define functional and non-functional security requirements and criteria to conduct technology evaluation and selection.
  • Manage and run governance for Group Information Security function and drive the implementation of security governance and ensure adherence to it.
  • Foster a security-conscious culture within Equity IT, Operational and Business teams.
  • Collaborate with Technology teams to ensure that technical plans are practical, controls are sustainable, and implementation is managed to minimize risk and adverse impact to network, servers, workstations and user productivity.
  • Document and operationalize the processes and procedures necessary to sustain the security posture of the environment as well as processes to monitor security related control break-downs in the environment
  • Support Enterprise Risk Management in security related issues and investigations
  • Conduct Research and develop/ maintain policies to ensure they cater for new threats and technologies.
  • Develop, monitor and measure the deployment of security standards
  • Ensure procurement practices adhere to security protocols and security is embedded into the procurement process consistently.
  • Work with internal stakeholders to define action plans to close or mitigate security findings of auditors
  • Proactively test for security related issues and propose remedial plans.
  • Manage security deliverables for programmes related to Privacy legislation across the markets within which Equity operates.
  • Drive implementation and tracking of Critical Controls.
  • Report on any residual risk, and other security exposures against the proposed security standards and policies including misuse of information assets and non-compliance.
  • Measure and report on the effectiveness of Information Security management and control activities to appropriate governance committees.
  • Report at risk and audit committees and manage the actionable outcomes related to security.

Tactical planning:

  • Manage and develop the capability of the team to deliver security services needs of Equity Group.
  • Partner with business leaders and peer-level managers to assess the technological cost and impact of recommended changes, help clarify priorities, and coordinate cross-organizational/ subsidiary consortia where common needs have been identified.
  • Assess risks and the effects of specific requirements on other subsidiaries business processes and system priorities to ensure security services are aligned with business strategic objectives.
  • Identify high risk/priority security areas for improvement
  • Work closely with Finance teams in Group and Subs to ensure budgets and cost recovery procedures are in place and working effectively
  • Build a strong relationship with Subsidiary leadership to ensure delivery

Managerial / Supervisory Responsibilities
Supervisory / Leadership / Managerial Complexity: 

  • Recruit, develop and retain people with outstanding skills, qualifications and potential.
  • Performance management and identification of training needs.
  • Accountable for a customer-centric culture and shift to legendary service provision.
  • Employee relations and collaborative teamwork.
  • Coaching and guidance of subordinates.
  • Build professionalism, loyalty and commitment to the organization.
  • Communicate actively and effectively resolving any potential conflicts that may arise.
  • Living the Equity Brand – changing and influencing employees’ behaviour.
  • Clarify roles within the team to enhance collaboration and results
  • Reward practices conducive to building individuals and team confidence
  • Optimal human resource allocation / redeployment in line with strategic objectives
  • Manage conflict proactively and monitor disciplinary and grievance actions and trends
  • Train, motivate & develop resources
  • The role requires management and supervision of the activities of a number of Team members across the Group and subsidiary functions IT & Operations who need to implement and remediate required controls.

Creativities (improvement/innovation inherent): 

  • Measures to be implemented to improve security across Technology environments
  • Measures to be implemented to improve operational efficiency and effectiveness in the Operating environment
  • Influence management decision making in security related aspects
  • Pro-active
  • Champion of quality and doing things right the first time
  • Sharing of knowledge and security skills

Role Complexity: 

  • Matrix management for security planning
  • Management of security control environment across at least 13 domains in all the Technology functions and in at least 7 markets of Equity Group
  • Management commitment

Budgets/ Financial Input:

  • Assist with management of Security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX Plans and tracking spend through the year
  • Manage project initiative budgets in line with business objectives
  • Drive initiatives that will ensure that the “cost of operations” are reduced, in line with a least cost operating strategy stemming from the business drivers
  • Assist with contract negotiations and driving to conclusion


Minimum Requirements:


  • Minimum of 3 years tertiary qualification (degree/ national diploma) or equivalent in Information Technology
  • Security certification e.g. CISSP & CISM essential
  • Other qualifications (ITIL, TMF, COBIT) advantage
  • Fluent in English


  • Min of 6 years in IT, 2 of which as an Information Security Senior Specialist or Manager in a large enterprise environment essential
  • Experience in Banking or Telco industry advantageous
  • Experience should ideally span multiple security domains ranging from security risk and governance, Data Loss Prevention, Authentication, Malware, Network Security, Applications and Operations Systems and Security across platform / database /network
  • Must have a wide breadth of knowledge and experience across security products, tools, and industry trends
  • Knowledge of current security risks and protocols as well as good working knowledge of technical risk management and assessments
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • Ability to maintain a high level of discretion and personal integrity in the exercise of duties, including the ability to professionally address confidential matters
  • Expert knowledge of regulatory compliance requirements (PCI-DSS, ISO 27001, GDPR, etc.)
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook
  • Good analytic and problem-solving skills
  • Ability to work under pressure, as well as the ability to take independent initiative when needed.


  • Security certification courses
  • Microsoft certifications
  • Systems/Database/Network administration training
  • Some training on Oracle, SUN Solaris and Linux is also required
  • Training on any scripting language
  • IP network related training
  • Cloud security training
  • Architect and design certifications


Head – Big Picture Focus (20)

  • Strategy Implementers – Ensures execution of strategies through creating and implementing tactical plans for others to follow
  • Decisive Problem Solver – Has the mental agility to identify business challenges and explore effective solutions through effective influencing
  • Best Practice Value Creator – Encourages commercial innovation and continuous improvement for systems, processes, products and service offerings

Heart – Emotionally Intelligent (30)

  • Culture and Change Champion – Role models ethical practices by living the EQUITY values and vital behaviours for others to follow
  • Guiding People Manager – Is self-aware and guides team capability development through opportunity creation for realising potential
  • Relationship Builder – Builds relationships across the business in order to influence decision-makers and build team credibility

Hands – Results Focused (40)

  • Results Achiever – Produces sustainable divisional results through ethical practices
  • Operationally Astute – Sets priorities, plans, organizes and co-ordinates the work of others

General working conditions:

  • Target driven and cyclic in nature
  • Long, irregular hours and tight deadlines during peak periods
  • Must be willing to travel and operate in different markets when required
  • Required to work from home from time to time
  • Overtime and standby as required

KPA Quality Standards:

  • Security settings deployed – alignment to Equity security standards and best practices
  • Number of server and client systems to which the security standards are deployed
  • Degree of impact to systems and users while deploying standards
  • Security settings deployed counter Equity risks, e.g. theft of intellectual property, information leakage
  • Speed with which security settings are deployed
  • Completeness and accuracy of documentation
  • Sustainability of processes implemented
  • Expenditure within budget
  • Quality of source data in terms of completeness, accuracy and timeliness
  • Objectives of area met
  • Collaboration with all key stakeholders
  • Drives short term actions consistent with long term goals.
  • User/customer satisfaction/feedback
  • Capex and Opex vs budget
  • Project Metrics (In time, cost + quality)
  • Systems availability
  • Timely delivery of information to internal customers (reporting, dashboards etc)
  • High levels of automation of data processing and reporting
  • Incorporation of new technology
  • Alignment to Equity Strategy


Lead, Security Technology Roadmap & COE

Job Purpose: 

The Lead, Security technology specialist provides a demonstrated holistic mastery and in-depth understanding of existing and emerging system, infrastructure and network security technologies in a complex environment and provides guidance on information security processes, controls, and compliance, and information security risk management.

Job Responsibilities/ Accountabilities: 

  • Measure the effectiveness of the Advanced Cyber Security & Emerging technologies / controls capabilities to ensure appropriate plans are in place to address lower performance and ineffective practices
  • Evaluates, defines and provides recommendations addressing computer security architecture and infrastructure to address new requirements, emerging advanced network technologies, and changes to communications and IT operations and business processes
  • Manages all aspects of communications security and the development, implementation, interpretation, accreditation, risk management and maintenance of detailed communications security policies, plans, programs, standards and criteria ensuring a successful communications security program
  • Analyse business requirements and security solutions to deliver business appropriate levels of protection
  • Responsible for application security but with a good working knowledge of other security domains (Cryptography, Identity and Access Management, Threat and Vulnerability Management, Infrastructure and Networks and Auditing, Logging and Compliance)
  • Provide reporting on control status to management
  • Update product standards as needed
  • Proven ability to follow global established standards in digital evidence acquisition and handling, experience with conducting digital investigations and incident responses and experience in managing insider threats and cyber and data exfiltration incidents
  • Support the delivery of the 3 year Cyber security roadmap to maintain and optimize the Advanced Cyber Security & Emerging technologies / controls capability
  • Lead the enhancement and optimization of implemented reporting mechanisms to demonstrate the value of the Advanced Cyber Security & Emerging technologies / controls function with tangible benefits
  • Identifies technical and business opportunities to take advantage of cross project knowledge, best practices and reusability to expedite projects
  • Manage the security posture of IT infrastructure for overseas locations
  • Provide deployment services on enabling new infrastructure capability
  • Follow information security policies, methods, standards, National Institute of Standards and Technology (NIST) standards and practices to organizational information systems, IT reference materials and interpret regulations
  • Implement security controls, perform ongoing maintenance and prevent, detect, analyze and respond to security incidents
  • Communicate with Information Security Officer, and other IT personnel within the organization and organizational staff
  • Help coordinate the implementation of security programs across all agency platforms
  • Assist with Active Directory access and Group Policies, Internet intrusion detection, Internet filtering, and monitoring of employee access, virtual private networking (LAN/WAN) security
  • Assist and participate with the Senior IT Specialist as an advisor in projects to enhance or develop new IT systems, or to study the feasibility of acquiring new technology


  • Understand information security trends
  • Document and communicate security solution roadmap to the GM, Enterprise Security Architecture team


Knowledge and Experience:

  • A Degree or its equivalent in Information Technology, Network Security, Enterprise Network Management, Information Security, Management Information System Computing, Engineering or similar area of study
  • Relevant industry certifications in information security program and governance as well as PMP will be an added advantage
  • Minimum of Eight (3) years of computer information technology experience.
  • Minimum of Four (7) years of experience engineering and designing IT security solutions
  • Good understanding of all the information security domains
  • Experience of identifying and managing technology security risk
  • Certifications such as CISSP, CCSP, CISA, CCISO, SABSA, ISO27001, ISO27301 will be an advantage

Key Critical Competencies:

  • Ability to know when to implement solutions with consideration to the wider impacts i.e. risk, cost, customer impact, timescales, etc.
  • Excellent negotiation, and written and verbal presentation skills
  • Ability to handle high pressure situations with key stakeholders
  • Good Analytical skills, Problem solving and Interpersonal skills
  • Deep knowledge of enterprise application development security controls
  • Good knowledge of Telco convergence business, FinTech network traffic consumption and OpenAPI


Data Protection Analyst

Job Purpose:    

The Data Protection Specialist is responsible for executing and administering Data Protection functions and supporting systems. Responsibilities will include overall systems management; support and execution of Data Protection roadmap and the related projects; organizational awareness, processes and procedures and compliance with audits/assessments related to Data Protection administration.

Job Responsibilities/ Accountabilities:  

  • Work with vendors to support the DLP technology (troubleshooting, upgrades, etc.)
  • Administration of the DLP tools which includes configuring policies, upgrading and patching, etc.
  • Monitor alerts generated from the DLP systems and other technologies
  • Understand and follow the incident response process through event escalations
  • Respond to escalations by the Incident Response Team
  • Follow processes to maintain the DLP system
  • Assist the team with incident management and responding to Data Subject Rights Requests.
  • Assist with the development of existing policy documentation and related practical guidance.
  • Support data protection training and awareness initiatives across the Group.


Knowledge and Experience  

  • 3-5 years’ experience in implementation and administration of DLP solution in the Banking environment
  • Experience with Microsoft Windows operating systems, Office 365, Enterprise Mobility and Security (EMS) and Enterprise Mobility Management (EMM)
  • Experience with Privilege Access Management solutions, Least privilege Access Management platforms and multi-factor authentication solutions among other technologies
  • Experience in managing Information Security compliance
  • In depth knowledge of Information risk concepts / relating business needs to security controls

Preferred certifications:  

  • CISSP, CCNP, Network +, CISM, CGEIT or equivalent.


Analyst – Awareness, Enterprise Reporting & Analytics

Job Purpose:   

The role holder will be responsible for overseeing the security awareness and education program in the Bank to ensure the employees understand security requirements and reduce organizational risk and exposure by behaving in a secure manner. Additionally, he/she will oversee the development of cybersecurity reporting and metrics for different stakeholders in the Bank.

Job Responsibilities/ Accountabilities: 

Enterprise Reporting and Analytics: 

  • Identifies, defines, gathers, and reports cybersecurity risk metrics that are important to business leaders in collaboration with technical employees and other key stakeholders.
  • Develop executive-level cybersecurity reports and communication to enable risk-informed business decision-making.
  • Ensure written deliverables are clear, comprehensive, error-free, and tailored to various audience levels, including executive audiences.
  • Oversee the efforts to verify the correctness of executive reports that contain numerous data points of various categories through quality control.
  • Coordinate proactively with stakeholders on metrics, reporting, and other tasks.
  • Assist in the implementation of processes and procedures for cybersecurity reporting and metrics activities.
  • Contribute towards process improvement of team processes, templates and tools.
  • Provide input to cybersecurity reporting and dashboards.
  • Researches best practices and innovative approaches to enable assessment and communication of cybersecurity risk and metrics.

Information Security Awareness: 

  • Develop an information security awareness program for the bank that meets all industry regulations, standards and compliance requirements.
  • Implement the awareness program within the bank using appropriate and engaging mechanisms for the audience.
  • Continuously identify top human risks and align the security program to change these behaviours.
  • Create metrics, measure and report adherence to the information security policies and standards.
  • Conduct regular awareness and education benchmarking with other companies and organizations within and outside the industry


Knowledge and Experience:

  • Bachelor’s Degree/Diploma/Certificate in Information Technology, Information Security/Assurance, Engineering or a similar area of study
  • Relevant industry certifications (e.g. CISA, CRISC, CISM, etc.) will be advantageous
  • Minimum 3 years of experience in conducting awareness and/or implementing educational initiatives
  • Minimum 3 years in report writing and dashboard visualization.
  • Minimum 3 years of experience in a business or technology environment
  • Project management experience
  • Understanding of information security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc. will be advantageous.
  • Knowledge of industry-standard frameworks (ISO 27000, NIST, PCI DSS) will be advantageous.
  • Ability to effectively provide a briefing to the business stakeholders regarding ongoing security incidents and threat levels.

Key Critical Competencies 

  • Proficient in the preparation of reports, dashboards and documentation
  • Excellent written and verbal communication ability
  • Aptitude for effectively conveying complex information
  • Ability to handle high-pressure situations with key stakeholders
  • Good analytical skills, problem solving and interpersonal skills
  • Ability to plan and manage complex, organization-wide programs
  • Ability to prioritize and consistently meet deadlines
  • Good research skills
  • Ability to work late on critical tasks when required

Role Complexity:   

  • Exceptional attention to detail and the capacity to combine information from several sources and condense it into language suitable for a range of audiences in at least 13 technology domains in at least 7 markets of Equity Group

Budgets/ Financial Input:

  • Assist with the management of security budgets in line with business objectives and facilitate forecasting. Includes yearly CAPEX and OPEX Plans, and tracking spending throughout the year
  • Manage awareness and reporting initiatives budgets in line with business objectives
  • Drive initiatives that will ensure that the “cost of operations” is reduced, in line with a least-cost operating strategy stemming from the business drivers
