• The role holder will be responsible for performing application, API, and overall vulnerability management for all Group applications. In addition, collaboration will be required with pre-deployment application testing team to ensure that issues are identified and remediated in a timely manner.

Key responsibilities

• Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post deployment security testing on Web based, APIs, Mobile, Cloud application, Robotics, IOT etc
• Performing cyber vulnerability assessment across the Enterprise and maintain vulnerability tracker
• Develop risk based vulnerability assessment plan
• Conduct comprehensive post penetration test of web based application, mobile application, network infrastructure, databases, ICT servers to assess the effectiveness of the cybersecurity framework implemented
• Maintaining proactive approach to cyber security risk and vulnerability assessment through market intelligence, continuous engagement with stakeholders to understand business dynamics
• Assessing threats and vulnerabilities regarding information assets and recommend appropriate security controls
• Identifying cyber threats, evaluating controls and make recommendations to improve internal controls and operational effectiveness and efficiency
• Monitoring the banks compliance to InfoSec security policies, standards, guidelines and procedures
• Engage stakeholders in the remediation of vulnerabilities identified by both internal and external parties
• Ensure that application security is an embedded and critical part of the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g. static code analysis)
• Train and educate developers and teams in secure coding techniques including use of supporting toolsets and enable them to self service
• Perform application vulnerability assessments including regular scanning and penetration testing activities in terms of post deployment security testing on Web based, Mobile, Cloud application, Robotics, IOT etc
• Perform secure code review across a variety of programming languages
• Develop functional security testing scripts and procedures and identify opportunities to automate security testing and processes
• Identify inherent vulnerabilities and information security risks within systems and applications
• Proactively follow up on vulnerability remediation for all assessments performed.

Qualifications

Knowledge and Experience:

• Bachelor’s Degree in Information Technology, Information Security/Assurance, Engineering or similar area of study
• At least 2 years’ experience in vulnerability management and penetration testing (application and API testing).
• Certifications such as CEH. Any other related certifications will be an added advantage
• Cloud experience will be an added advantage.
• In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
• Expertise with industry standard frameworks (ISO, NIST, PCI)
• Excellent communication and presentation skills, both verbal and in writing and an ability to build a network and to collaborate with various teams.

go to method of application »

• The Manager, Business Process Audits will be responsible for managing internal audit assignments in accordance with the approved annual audit plan. The role holder will be responsible for execution of the Audit strategy through identification and reporting on all significant control weaknesses through the application of a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls and governance processes within the Group.

Key Responsibilities

• Audit Planning and Execution
• Assist in the development and implementation of a risk-based annual internal audit plan aligned with the organization’s strategic objectives and risk profile.
• Conduct risk assessments to identify and prioritize areas of potential risk across the organization.
• Conduct various audit engagements, including operational audits, financial audits, and compliance audits
• Ensure that audits are conducted in accordance with professional standards and best practices, such as the Global Internal Audit Standards and relevant regulatory requirements.
• Evaluate the effectiveness of internal controls, risk management processes, and governance mechanisms.
• Audit Reporting and Execution
• Prepare comprehensive audit reports, highlighting significant findings, recommendations, trends and potential areas for improvement.
• Present audit reports and findings to senior management, and relevant stakeholders.
• Risk Assessment and Advisory
• Provide advisory services and consultative support to management on governance, risk management, control related matters and process improvements
• Participate in strategic initiatives, project teams or working groups to offer insights and recommendations from an internal audit perspective.
• Provide insights in the development and implementation of new policies, procedures or controls to enhance organisational effectiveness and efficiency.
• Continuous Learning and Development
• Stay updated with emerging risks, regulatory changes, and industry best practices related to the financial services industry.
• Participate in training and professional development opportunities to enhance technical and auditing skills.
• Contribute to the improvement of audit methodologies andprocedures within the team.
• Stakeholder Management:
• Establish and maintain effective communication and working relationships with senior management and other relevant stakeholders.
• Collaborate with external auditors, regulatory authorities, and other assurance providers to ensure effective coordination and avoid duplication of efforts.

Qualifications, Experience

• Bachelor’s degree in accounting or finance or business administration.
• CPA (K) or its equivalent. Other professional certifications such as Certified Internal Auditor (CIA), or Certified Information Systems Auditor (CISA) are highly preferred.
•  At least 5 years internal or external audit experience gained from reputable institutions preferably within the financial services industry.
•  Proficiency with audit analytics software.
•  Proficiency in use of MS Office applications.

go to method of application »