Cyber and Information Security Audit Manager

Job Summary:
The Cyber and Information Security Audit Manager is responsible for supporting the Head of the CISA Unit in providing independent and objective assurance over the Bank’s cyber and information security governance, risk management, and control environment. The role ensures that cyber and information security risks are adequately identified, assessed, audited, and reported in line with regulatory requirements, international standards, and the Bank’s risk-based audit methodology.

Key Responsibilities:

• Develop and execute risk-based audit plans covering cyber security, IT infrastructure, applications, and data security.
• Conduct audits of information security governance, network security, cloud environments, digital banking platforms, and emerging technologies.
• Evaluate compliance with regulatory requirements, industry standards, and internal policies.
• Assess vulnerability management, incident response processes, and disaster recovery frameworks.
• Review user access management controls and privileged access monitoring.
• Identify control gaps and provide practical, risk-based recommendations.
• Prepare comprehensive audit reports 
• Follow up on implementation of agreed audit recommendations.
• Provide advisory support on new systems, digital initiatives, and IT projects.

Qualifications & Experience:

Academic Qualifications

• Bachelor’s degree in Information Technology, Computer Science, Information Systems, Engineering, or a related discipline.

Professional Certifications (At least one required; multiple preferred)

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified in Risk and Information Systems Control (CRISC)
• Certified Information Systems Security Professional (CISSP)
• ISO/IEC 27001 Lead Auditor or Lead Implementer

Experience

• Minimum of five (5) years’ relevant experience in IT audit, cyber security, or information security.
• At least two (2) years’ experience in a supervisory or team leadership role.
• Prior experience within the banking or financial services sector is an advantage.

Knowledge Requirements

• Strong knowledge of cyber and information security risks, controls, and governance frameworks.
• In-depth understanding of banking IT environments and core banking systems.
• Working knowledge of relevant laws, regulations, and directives governing cyber and information security.
• Familiarity with risk management, business continuity, disaster recovery, and third-party risk management.