Internal Audit Manager- Cyber and Technology

Empowering Africa’s tomorrow, together…one story at a time.

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The core responsibility of an auditor within Absa is to execute audit assignments in accordance with the Group Audit Plan and relevant policies, procedures and quality standards.

Internal Audit Manager in Cyber and Tech (IT Auditor) help organisations secure its data and systems from external or internal threats by analysing and assessing their technology systems and infrastructure to ensure systems are secure, efficient, accurate and compliant.

The IT Auditor will be responsible for planning and executing complex and specialized audits assignments in accordance with the Group Audit Plan and Internal Audit methodology, relevant policies, procedures and quality standards.

Job Description

Audit Delivery and Issue Assurance

• Apply in-depth knowledge of audit methodology, gained through training and experience, to deliver high-quality audits aligned with the Quality Assurance scorecard.

• Develop an in-depth knowledge of Absa and the various business areas and use this knowledge to assess risks and controls through identifying, assessing and documenting risks and controls within these processes.

• Support planning and execution of Design and Operating Effectiveness testing, focusing on key IT, cyber, and change risks with minimal supervision from the Chief Internal Auditor/ Engagement Lead/ Audit Lead.  

• Evaluate the design and operating effectiveness of controls; document accurate, complete working papers in Audit Bond per methodology for review by the Chief Internal Auditor/ Engagement Lead/ Audit Lead. 

• Document all working papers in line with methodology requirements and quality standards.

• Ensure audit observations are factually accurate, address root causes, and are agreed upon with management promptly to enable timely report issuance.

• Display professional skepticism; challenge management constructively and support findings with clear evidence.

• Build and maintain effective relationships with stakeholders and audit contacts through regular engagement and transparent communication.

• Participate in risk discussions with management to inform audit planning, reporting, and the risks associated in their environment.

• Provide feedback to the Chief Internal Auditor/ Engagement Lead/ Audit Lead and audit team with progress and observations raised during the audit by providing practical recommendations to address identified control gaps and enhance risk management.

• Engage with Absa Internal Audit (AIA) colleagues to seek technical input and share insights during audit assignments. Technical input may be requested for the review of the risks and controls to be tested, audit working papers and audit report.

• Provide guidance to junior team members and support the induction of new joiners by sharing best practices to elevate team performance.

• Provide regular updates to the Chief Internal Auditor / Engagement Lead/ Audit Lead on audit progress, issues, and team contributions.

• Contribute to the 6+6 audit planning cycle by identifying key risks, business priorities, and material risks affecting the business.

• On an ongoing basis throughout the audit, discuss and agree the factual accuracy of audit observations with the client. 

Conduct complex IT related audits as guided by the risk-based audit plan to assess the governance and management of data integrity, security, software development and IT governance within the business including but not limited to:

• Pre-/post-implementation reviews of system implementations or enhancements

• Review of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate

• Provide actionable guidance to the business on IT, infrastructure, and cybersecurity risks.

• Systems development audits to verify that systems that are being developed meet development standards.

• Systems and application audits that evaluate whether systems and applications are controlled, reliable, efficient, secure and effective.

• IT security audits, including evaluating security vulnerabilities and whether they are properly identified and mitigated.

• Project assurance to assist management in improving organisational efficiency and effectiveness and minimise risk.

• Perform Issue Assurance reviews in line with the requirements of the methodology.

• Identify opportunities to use data analytics and automated audit techniques to enhance audit delivery.

• Remain informed on emerging risks, regulatory changes, and industry developments relevant to assigned business areas and provide feedback to the Chief Internal Auditor. 

• Participate fully and be supportive in all audits by providing assistance to the team where required.

• Provide the business with guidance and recommendations on IT risk management with particular focus on applications, infrastructure and security.

• Proactively take on additional tasks as assigned by the Chief Internal Auditor/ Engagement Lead/ Audit Lead – which may include managing Issue Assurance and production of team Management Information. 

Knowledge Management
 

• Maintain and enhance technical skills through self-learning, coaching, and mandatory continuing professional education (CPE).
• Stay current with industry trends, regulatory changes, and professional standards.
• Share knowledge and best practices with AIA colleagues and peers to support high-quality audit outcomes.
• Apply professional skepticism and a residual risk mindset when assessing audit issues and final reports.
• Continuously develop both technical and core competencies through feedback and training.

Relationship Management and Reporting
 

• Prepare clear, concise, and factually accurate audit observations that highlight significant issues, identify root causes, and propose actionable risk mitigation plans.

• Support the Chief Internal Auditor/Engagement Lead/Audit Lead in drafting audit reports in line with methodology and Balanced Scorecard requirements.

• Build and maintain strong relationships with stakeholders across the 1st and 2nd Lines of Defense to monitor business risk profiles and inform audit planning and reporting.

• Contribute to Combined Assurance efforts to enhance the overall control environment across the Three Lines of Defense (3LOD).

• Provide input into risk and committee reporting, ensuring clear messaging on business risks and control environment of the business.

Relationship Management
 

• Develop and maintain relationships with accountable management on each audit.

• Represent Internal Audit in stakeholder forums (e.g., Risk and Governance Forums), providing insights on methodology, standards, and developments.

Role/Person Specification

Preferred Education & Experience:

• Degree or Professional Qualification in Cyber Security or Information Security with 7 years relevant work experience in auditing technology, cyber and information security within the banking sector as well as data analysis experience with minimum 5 years at managerial level or

• Master’s Degree in Information Technology or Cyber Security with 6 years’ experience or equivalent of 10 years bank related experience in auditing technology, cyber and information security within the banking sector as well as data analysis experience

Knowledge & Skills:

• Strong understanding of regulatory, control, and risk issues across local and group jurisdictions or financial institutions.

• Solid industry knowledge, including awareness of competitors and market trends.

• Experience in risk-based auditing and related control activities.

• Proven ability to build and maintain relationships with executive stakeholders.

• Demonstrates initiative and openness to learning new products and concepts.

Education

Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)