Manager, Cyber Security Audit

Kenya


KEY RESPONSIBILITIES: 

  1. Conduct cyber risk assessment for assigned cyber security audit and advisory assignments.
  2. Perform independent threat and vulnerability assessment and penetration test audits of the bank’s ICT systems to assess the effectiveness of the cybersecurity control framework and report on cyber risks noted.
  3. Serve as an objective and independent advisor to business functions by providing assurance that cyber security operations and processes conform to current KCB group policies and procedures, regulatory requirements as well as applicable legislation.
  4. Conduct walkthroughs, test controls, and negotiate potential issues for Technology audits within the cybersecurity and infrastructure portfolio, including scope areas such as identity and access management, asset classification, network security, operating system security, database security, web application security, mobile application security, public cloud (AWS/GCP/Azure) environments, vulnerability management, endpoint protection, etc.
  5. Identify and evaluate significant cyber security risk exposures and contribute to the improvement of technology risk management and control systems.
  6. Ensure cyber security audits are performed in accordance with the International Professional Practices Framework (IPPF) and the bank’s internal audit methodology.
  7. Document the results of audit work in accordance with internal audit guidelines and the Institute of Internal Auditors (IIA) standards.
  8. Maintain respectful and effective communications and relationships with key stakeholders before, during and after audit assignments to ensure alignment of audit objectives to Bank strategy.
  9. Follow up on the implementation of audit recommendations, identifying and reporting any gaps that may derail implementation of audit recommendations.
  10. Keep the organisation updated on cyber security industry trends, regulatory changes, and best practices in internal auditing as well as developments in the Banking industry and business environments that would inform the quality of the audit and quality assurance.

MINIMUM POSITION REQUIREMENTS
 

  1. ACADEMIC & PROFESSIONAL

| Particulars | Detail | Specific Field or Qualification | Need Type[1] |
|---|---|---|---|
| Education | Bachelor’s Degree | Information Technology, Electrical Engineering, Computer Science | RQ |
| | Professional Qualifications – Information Systems Audit / Security | CISA/CISM/CISSP | RQ |
| | Professional Qualifications – Vulnerability Assessment and Penetration Testing | CEH/LPT/OSCP/CCIE Security/CSX Practitioner/Certified Red Team Expert (CRTE) | RQ |
| | Master’s Degree | IT, MBA, Computer Science | AA |

  2. Experience

Total Minimum No of Years’ Experience Required: 4

| | Detail | Minimum No of Years | Need Type[2] |
|---|---|---|---|
| Experience | IT Security and/or IT Audit | 4 | ES |
| | Cyber Security Reviews and Vulnerability Assessments Experience | 3 | ES |
| | Red Team Exercises and/or Penetration Testing Experience | 3 | ES |
| | Stakeholder management | 2 | ES |

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up to, among other things, enhance the Group’s capacity to access unrestricted capital, enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities, and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation: Group Name Change, Name Change Certificate, KCB Advise on Non-Operating Holding Company, KCB Group Structure, Kenya Gazette Notice.
Category: Leadership Jobs

Tags: Application security Audits AWS Azure Banking CCIE CEH CISA CISM CISSP Cloud Computer Science GCP Governance IAM Network security OSCP Pentesting Red team Risk assessment Risk management Strategy Vulnerability management

Region: Africa
Country: Kenya
