Job Description

Job Purpose:

Our purpose is transforming lives, giving dignity, and expanding opportunities for wealth creation.

The Senior Manager – Cybersecurity Audits and Advisory is responsible for leading cybersecurity audit and advisory assignments across the Group. This role oversees the planning, execution, and reporting of cybersecurity audits, as well as providing strategic advisory services to enhance the organization’s cybersecurity posture and align with industry best practices.

Reports to Group Head of Audit – Technology, Digital and Data Analytics.

Job Responsibilities:

Cybersecurity Audit Planning and Execution:

• Assist in developing and executing the annual internal plan with specific responsibility for cybersecurity audits.
• Lead and coordinate cybersecurity audits across the Group, ensuring consistency in audit methodologies and standards.
• Evaluate the design and operating effectiveness of cybersecurity controls, access management, network security, data protection, and incident response.
• Assess compliance with relevant cybersecurity regulations, industry standards, and internal policies.

Cybersecurity Advisory Services:

• Provide strategic advice and recommendations to enhance the Group’s cybersecurity controls, risk management practices, and overall security posture.
• Conduct cybersecurity assessments, gap analyses, and maturity evaluations to identify improvement opportunities.
• Advise on the implementation of cybersecurity frameworks, standards, and best practices across the organization.
• Support the development and review of cybersecurity policies, procedures, and guidelines.
• Provide relevant assurance and advisory services in select IT projects.

Audit Team Management:

• Manage and mentor a team of cybersecurity auditors and advisors, providing guidance, training, and professional development opportunities.
• Assign audit and advisory resources effectively across the Group’s entities and ensure adherence to timelines and budgets.
• Foster collaboration and knowledge-sharing among the cybersecurity teams across different locations.

Reporting and Communication:

• Prepare comprehensive audit reports and advisory deliverables detailing findings, risks, and recommendations.
• Present audit results, advisory recommendations, and strategic insights to senior management, CISO, and relevant stakeholders.
• Collaborate with local IT audit teams, cybersecurity function, and business units to ensure effective communication and alignment.
• Provide strategic level advisory through communication of key themes, insights and foresights to senior management and the Board.

Stakeholder Management:

• Liaise with relevant stakeholders, including IT managers, business unit leaders, and regulatory authorities, to understand their expectations and requirements. 
• Foster positive relationships with internal and external stakeholders, promoting transparency and trust in the audit and advisory processes. 

Continuous Improvement and Thought Leadership: 

• Stay updated with emerging cybersecurity threats, regulatory changes, and industry best practices, and incorporate them into the audit and advisory programs. 
• Contribute to the development of cybersecurity strategies, frameworks, and methodologies within the organization.

Qualifications

• Bachelor’s Degree in Computer Science, Information Technology or a related field from a recognized university.
• Professional cyber security certifications such as OSCP, CCIE Security, LPT or equivalent cybersecurity certifications.
• Minimum of 8+ years of experience in cybersecurity auditing, IT audit, IT security, risk management, advisory services, or related roles, with a focus on the financial services industry.

Competencies:

• Proficiency in the use of penetration testing and vulnerability assessment tools and in conducting ethical hacking assignments.
• Proven ability to lead and manage teams of cybersecurity professionals.
• Strong understanding of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO, PCI-DSS).
• Analytical and problem-solving skills to identify and address complex cybersecurity risks and provide actionable solutions.
• Excellent communication and interpersonal skills for effectively presenting findings, recommendations, and strategic insights to stakeholders at all levels.
• Ability to travel domestically and internationally as required.
• Results orientation
• High integrity and strength of character

Method of Application

Interested and qualified? Go to Equity Bank Kenya on equitybank.taleo.net to apply