Senior Manager, Cybersecurity Audit
The Position:
The Information System
Audit department is a function within the Audit division. The department is
responsible for providing objective and independent assurance that the
bank’s Information Systems are appropriate, well utilized, reliable and secure
while giving commensurate recommendations on areas of improvement.
Reporting to the Head,
Information Systems Audit, the Senior
Manager, Cybersecurity Audit exists to lead cyber security
related audits and advisory assignments across the Group that will give
objective and independent assurance that the bank’s Information Systems and ICT
infrastructure are appropriate, well utilized, reliable and secure while giving
commensurate recommendations on areas of improvement.
Key Responsibilities:
- Provide
leadership in individual Cyber Security related audit and advisory
assignments.
- Conduct
cyber security risk assessment to develop the annual internal audit plan.
- Lead
the execution of independent threat and vulnerability assessment and
penetration test audits of the bank’s ICT systems to assess the
effectiveness of the cybersecurity control framework and report on cyber
risks noted.
- Lead
walkthroughs, testing of controls, and negotiating potential issues for
Technology audits within the cybersecurity and infrastructure portfolio,
including scope areas such as identity and access management, asset
classification, network security, operating system security, database
security, web application security, mobile application security, public
cloud (AWS/GCP/Azure) environments, vulnerability management, endpoint
protection, etc.
- Present
to the area management the results, recommendations, and conclusions of
the cyber security audit reviews.
- Undertake
preparation of audit reports and communication of audit findings
- Reviews
the results of audit work in accordance with internal audit guidelines and
the Institute of Internal Auditors (IIA) standards.
- Share
knowledge, skills, and experience with team members.
- Maintain
respectful and effective communications and relationships with key
stakeholders.
- Value-add
activities including provision of consultancy to projects undertaken by
the business.
The Person:
For the above position,
the successful applicant should have the following:
- Bachelor’s
Degree in Information Technology, Electrical Engineering, Computer
Science, Business, or a Related field from a university recognized by
Commission for University Education.
- Must
Possess LPT/Offensive Security Certified Professional (OSCP)/CCIE
Security/CSX Practitioner/ Certified Red Team Expert (CRTE) or a related
penetration testing or red team exercise certification.
- Master’s
degree is an added advantage
- A
minimum 8 years’ experience in IT Security and/or IT Audit covering 5
years in Cyber Security Reviews and Vulnerability Assessments and 5 years
in Red Team Exercises and/or Penetration Testing Experience.
- Must
possess proficiency in using penetration testing tools e.g., Kali Linux,
Nessus, Nipper, Burp suite, Metasploit framework, Wireshark, Acunetix,
Netsparker, Mobsf, Frida, BeEF, Objection etc.
- Must
possess proficiency in performing security assessments on operating
systems, database management systems, web applications and mobile
applications.
- Must
possess excellent audit report writing and presentation skills.
- Must
possess excellent customer service skills, strong business analytical
skills, superior communication, and inter-personal skills.
- Must
possess effective planning, organizing and problem-solving skills.
How to Apply
The above position is
demanding role for which the Bank will provide a competitive remuneration
package to the successful candidate. If you believe you can clearly demonstrate
your abilities to meet the criteria given above, please log in to our
Recruitment portal and submit your application with a detailed CV.
To be considered your
application must be received by Thursday,
22nd December
2022.
Qualified candidates with
disability are encouraged to apply.
Only short-listed
candidates will be contacted.
