Manager, Cyber Security Audit
Reporting to the Senior Manager, Cyber Security Audit, the Manager, Cyber Security Audit will carry out cyber security related audits and advisory assignments across the Group that will give objective and independent assurance that the bank’s Information Systems and ICT infrastructure are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement.
Key Responsibilities:
- Conduct cyber risk assessment for assigned cyber security audit and advisory assignments.
- Perform independent threat and vulnerability assessment and penetration test audits of the bank’s ICT systems to assess the effectiveness of the cybersecurity control framework and report on cyber risks noted.
- Serve as an objective and independent advisor to business functions by providing assurance that cyber security operations and processes conform to current KCB group policies and procedures, regulatory requirements as well as applicable legislation.
- Conduct walkthroughs, test controls, and negotiate potential issues for Technology audits within the cybersecurity and infrastructure portfolio, including scope areas such as identity and access management, asset classification, network security, operating system security, database security, web application security, mobile application security, public cloud (AWS/GCP/Azure) environments, vulnerability management, endpoint protection, etc.
- Identify and evaluate significant cyber security risk exposures and contribute to the improvement of technology risk management and control systems.
- Ensure cyber security audits are performed in accordance with the International Professional Practices Framework (IPPF) and the bank’s internal audit methodology.
- Document the results of audit work in accordance with internal audit guidelines and the Institute of Internal Auditors (IIA) standards.
- Maintain respectful and effective communications and relationships with key stakeholders before, during and after audit assignments to ensure alignment of audit objectives to Bank strategy.
- Follow up on the implementation of audit recommendations, identifying and reporting any gaps that may derail implementation of audit recommendations.
- Keep the organisation updated on cyber security industry trends, regulatory changes, and best practices in internal auditing as well as developments in the Banking industry and business environments that would inform the quality of the audit and quality assurance.
The Person
For the above position, the successful applicant should have the following:
- Bachelor’s degree in information technology, electrical engineering, computer science or a related field.
- Professional Qualifications in Information Systems Audit / Security (CISA/CISM/CISSP); at least one is required.
- Professional Qualifications in Vulnerability Assessment and Penetration Testing (CEH/LPT/OSCP/CCIE Security/CSX Practitioner/Certified Red Team Expert (CRTE)); at least one is required.
- A minimum of 4 years’ work experience in IT Security and/or IT Audit.
- 3 years’ experience in Cyber Security Reviews and Vulnerability Assessments.
- 3 years’ experience in Red Team Exercises and/or Penetration Testing.
- 2 years’ experience in Stakeholder management.
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV. To be considered, your application must be received by Friday 11th July 2025.
Qualified candidates with disabilities are encouraged to apply.
Only short-listed candidates will be contacted.