Our purpose is transforming lives, giving dignity, and expanding opportunities for wealth creation.
The Audit Manager - Cybersecurity Audits is responsible for conducting comprehensive cybersecurity audits and assessments across the Group. This role plays a crucial part in evaluating the effectiveness of cybersecurity controls, identifying risks, and providing strategic recommendations for improvement to ensure compliance with relevant regulations and industry standards.
Reports to Senior Manager - Cybersecurity Audits
Qualifications
- Bachelor’s degree in computer science, information technology, cybersecurity, or a related field from a recognized university.
- Professional certifications such as CISA, CISM. Must also hold a cybersecurity testing certification such as OSCP, CCIE Security or equivalent cybersecurity auditing certifications.
- Minimum of 5 years of experience in cybersecurity auditing, IT audit, risk management, or related roles with a minimum of 3 years’ experience in conducting Cybersecurity reviews such as Penetration Testing, Vulnerability Assessments.
Competencies:
- Experience in conducting vulnerability assessments and penetration testing exercises against applications, networks, systems etc
- Strong understanding of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO, PCI-DSS).
- Proficient in the use of penetration testing and security assessment tools.
- Familiarity with auditing tools, techniques, and methodologies, including data analytics and automated testing.
- Excellent analytical, problem-solving, and critical thinking skills.
- Strong communication skills, both written and verbal, for effective reporting and collaboration.
- Ability to work in a team environment and collaborate with cross-functional stakeholders.
- Willingness to travel domestically and internationally as required. Results orientation
- High integrity and strength of character
Cybersecurity Audit Execution:
- Participate in the planning and execution of cybersecurity audits across the Group.
- Conduct complex cybersecurity audits across various business units and subsidiaries, focusing on areas such as access management, network security, data protection, and incident response.
- Evaluate the design and operating effectiveness of cybersecurity controls, ensuring alignment with internal policies, industry best practices and regulatory requirements.
- Perform technical testing and analyses, such as vulnerability assessments, penetration testing, and data analytics.
- Collaborate with other audit teams to deliver integrated audits and advisory assignments
Audit Reporting and Documentation:
- Prepare comprehensive audit reports detailing findings, risks, and recommendations for remediation.
- Document audit procedures, evidence, and working papers in accordance with established standards and methodologies.
- Collaborate with stakeholders to validate findings and ensure accurate reporting.
Risk Assessment and Recommendations:
- Analyze and evaluate the potential impact of identified risks on the organization's operations and cybersecurity posture.
- Provide practical recommendations to mitigate risks and enhance the effectiveness of cybersecurity controls.
- Assist in the development and implementation of remediation plans, as necessary.
- Contribute to cybersecurity advisory projects and assessments, providing subject matter expertise and guidance.
Continuous Learning and Development:
- Stay updated with emerging cybersecurity threats, regulatory changes, and industry best practices.
- Participate in training and professional development opportunities to enhance technical and auditing skills.
- Contribute to the improvement of audit methodologies and procedures within the team.
Stakeholder Management and Mentorship:
- Collaborate effectively with cybersecurity teams, IT teams, business units, and relevant stakeholders during audit engagements.
- Foster positive relationships and maintain open communication channels to facilitate the audit process.
- Provide guidance, mentorship, and support to junior auditors and team members.