JOB ADVERT

Grounded in strong ethical values and a transformational goal to serve the poor, Opportunity Bank delivers tailored lending, savings, and financial inclusion solutions while maintaining high standards of governance, risk management, and community support. We value integrity, professionalism, and positive impact, and are committed to fostering economic opportunity and vlong-term partnerships across the communities we serve.

Does your passion align with our Mission and Vision?

Opportunity Bank invites applications from qualified candidates to fill the position of Cyber Security Analyst.

Reports to: Chief Information Security Officer

Duty Station: Head Office

Number of Vacancies: Two (02)

Job purpose:

Protect the Bank’s information assets through the implementation of requisite security controls on IT infrastructure. The security controls should be aligned with the best industry practice and in compliance with existing regulations.

Job Responsibilities:

1. Security configuration and Monitoring

• Security configuration and monitoring of events from tools including SIEM, EDR/antivirus, firewalls, WAF, and NAC.
• Investigate alerts, identify potential threats, and escalate incidents to the CISO.
• Maintain a security operation alerts and incident registers.
• Support continuous improvement of monitoring rules and detection use cases.

2. Information Security Incident Management

• Participate in detection, analysis, containment, eradication, and recovery of cybersecurity incidents.
• Support investigation of technology-enabled fraud affecting digital banking, mobile banking, cards, and agency banking.
• Collect and preserve evidence for forensic and regulatory review.

3. Vulnerability and Patch Management

• Conduct regular security assessments, penetration testing, and vulnerability scanning to identify potential weaknesses and recommend remediation measures.
• Perform systems configuration reviews against hardening standards.
• Monitor patch deployment status and escalate delays.

4. Access Control and Identity Security

• Perform periodic user access reviews for critical systems.
• Monitor privileged account activities.
• Support timely deprovisioning of user accounts.

5. Security Compliance and Audit Support

• Maintain evidence for internal audit, external audit, and regulatory inspections.
• Track closure of audit, risk, and regulatory findings.
• Support preparation of IT Steering Committee, Management, and Board reports.

6. Third-Party Security Monitoring

• Support security assessments of vendors and outsourced service providers.
• Monitor remediation of third-party security issues.
• Track compliance with contractual security requirements.

7. Business Continuity and Cyber Resilience

• Support Disaster Recovery and Business Continuity testing.
• Validate backup availability and integrity.
• Participate in cyber resilience and recovery exercises.

8. Secure Projects and Change Management

• Perform security reviews for new systems, projects, and technology changes.
• Verify implementation of security-by-design requirements.
• Support secure configuration and deployment validation.

9. Threat Intelligence and Awareness

• Monitor emerging cyber threats affecting the financial sector.
• Support phishing simulations and staff awareness campaigns.
• Provide threat advisories to IT and business units.

Qualifications & Experience

• Bachelor’s degree in ICT, Information Security, Computer Science, or a related field.
• Minimum 3 years’ experience in IT Security, SOC, or system/network administration.
• At least one certification preferred:
  • CEH
  • CompTIA Security+
  • ISO 27001 Foundation/Implementer.
  • CISA (advantage).
• Hands-on experience with: SIEM / log monitoring, Vulnerability tools (Burp Suite, Nessus, Qualys, Nmap, Metasploit, etc), Endpoint security / EDR, Firewalls / network security.
• Have an in-depth understanding of OWASP testing methodology, Dynamic and Static Application Security Testing, re-engineering, automation, ASP.NET/JAVA, IDS/IPS systems.

Personal skills and abilities

• Mission and Vision alignment – Possesses a strong social mission, a blend of financial and soft skills, and a commitment to community development with a desire to contribute to the strategic goals of the bank.
• Responsiveness – Willing to serve the low – income segment in urban, semi urban and rural communities.
• Adaptability – Resilient, hardworking, willing to learn and capable of fostering lasting relationships.
• Transformational – Practices empathy by paying close attention to the needs and feelings of customers and showcasing how the bank’s products and services fundamentally improve their lives by focusing on their journey.
• Servanthood – Mission driven and motivated by the social mission of empowering clients and improving livelihoods, rather than solely by financial incentives.
• Ethical traits – Models transparent behavior, integrity, and ensures ethical considerations are central in all the work area.
• Analytical skills like critical thinking.
• Good communication skills
• Good Team work skills
• Attention to detail

Opportunity Bank is an equal opportunity employer. All qualified candidates are encouraged to apply, regardless of disability, gender, marital status, religion and ethnicity.

• Security configuration and monitoring of events from tools including SIEM, EDR/antivirus, firewalls, WAF, and NAC.
• Investigate alerts, identify potential threats, and escalate incidents to the CISO.
• Maintain a security operation alerts and incident registers.
• Support continuous improvement of monitoring rules and detection use cases.
• Participate in detection, analysis, containment, eradication, and recovery of cybersecurity incidents.
• Support investigation of technology-enabled fraud affecting digital banking, mobile banking, cards, and agency banking.
• Collect and preserve evidence for forensic and regulatory review.
• Conduct regular security assessments, penetration testing, and vulnerability scanning to identify potential weaknesses and recommend remediation measures.
• Perform systems configuration reviews against hardening standards.
• Monitor patch deployment status and escalate delays.
• Perform periodic user access reviews for critical systems.
• Monitor privileged account activities.
• Support timely deprovisioning of user accounts.
• Maintain evidence for internal audit, external audit, and regulatory inspections.
• Track closure of audit, risk, and regulatory findings.
• Support preparation of IT Steering Committee, Management, and Board reports.
• Support security assessments of vendors and outsourced service providers.
• Monitor remediation of third-party security issues.
• Track compliance with contractual security requirements.
• Support Disaster Recovery and Business Continuity testing.
• Validate backup availability and integrity.
• Participate in cyber resilience and recovery exercises.
• Perform security reviews for new systems, projects, and technology changes.
• Verify implementation of security-by-design requirements.
• Support secure configuration and deployment validation.
• Monitor emerging cyber threats affecting the financial sector.
• Support phishing simulations and staff awareness campaigns.
• Provide threat advisories to IT and business units.

• SIEM / log monitoring
• Vulnerability tools (Burp Suite, Nessus, Qualys, Nmap, Metasploit, etc)
• Endpoint security / EDR
• Firewalls / network security
• OWASP testing methodology
• Dynamic and Static Application Security Testing
• re-engineering
• automation
• ASP.NET/JAVA
• IDS/IPS systems
• Critical thinking
• Good communication skills
• Good Team work skills
• Attention to detail

• Bachelor’s degree in ICT, Information Security, Computer Science, or a related field.
• Minimum 3 years’ experience in IT Security, SOC, or system/network administration.
• At least one certification preferred: CEH, CompTIA Security+, ISO 27001 Foundation/Implementer. CISA (advantage).
• Hands-on experience with SIEM / log monitoring, Vulnerability tools (Burp Suite, Nessus, Qualys, Nmap, Metasploit, etc), Endpoint security / EDR, Firewalls / network security.
• In-depth understanding of OWASP testing methodology, Dynamic and Static Application Security Testing, re-engineering, automation, ASP.NET/JAVA, IDS/IPS systems.
• Strong social mission, a blend of financial and soft skills, and a commitment to community development.
• Willingness to serve the low-income segment.
• Resilient, hardworking, willing to learn and capable of fostering lasting relationships.
• Empathetic, attentive to customer needs and feelings.
• Mission-driven and motivated by social impact.
• Transparent behavior, integrity, and ethical considerations.