KEY RESPONSIBILITIES
Provide leadership in individual Cyber Security-related audit and advisory assignments.
Conduct cyber security risk assessment to develop the annual Group IS audit plan.
Lead the execution of independent threat and vulnerability assessment and penetration test audits of the bank's ICT systems to assess the effectiveness of the cybersecurity control framework and report on cyber risks noted.
Lead walkthroughs, testing of controls, and negotiation of potential issues for Technology audits within the cybersecurity and infrastructure portfolio, including scope areas such as identity and access management, asset classification, network security, operating system security, database security, web application security, mobile application security, public cloud (AWS/GCP/Azure) environments, vulnerability management, endpoint protection, etc.
Present the results, recommendations, and conclusions of the cyber security audit reviews to area management.
Undertake preparation of audit reports and communication of audit findings.
Review the results of audit work in accordance with internal audit guidelines and the Institute of Internal Auditors (IIA) standards.
Share knowledge, skills, and experience with team members.
Maintain respectful and effective communications and relationships with key stakeholders.
Perform value-add activities, including provision of consultancy to projects undertaken by the business.
POSITION REQUIREMENTS
Academic & Professional
Education | Bachelor's Degree | Information Technology, Electrical Engineering, Computer Science, Business | RQ
Professional Qualifications – Vulnerability Assessment and Penetration Testing | LPT/Offensive Security Certified Professional (OSCP)/CCIE Security/CSX Practitioner/Certified Red Team Expert (CRTE) | RQ
Master's Degree | IT, MBA, Computer Science | AA
Experience
Total Minimum No of Years' Experience Required: Eight
Detail | Minimum No of Years | Need Type
Experience: IT Security and/or IT Audit | 8 | ES
Cyber Security Reviews and Vulnerability Assessments Experience | 5 | ES
Red Team Exercises and/or Penetration Testing Experience | 5 | ES
Stakeholder management | 5 | ES
People management | 2 | DE