Internal Audit Manager: Cyber Security at Absa Group Limited (Absa)

About the Job

Job Summary

• The Cyber Security Audit Manager (Vice President) role is a specialist role in the Absa Internal Audit function.
• The role is mainly responsible for the planning, execution and management of cyber security audits in accordance with the bank’s audit plan, relevant policies, procedures and quality standards covering information systems, network technologies, security solutions and cyber processes.

Job Description

The Cyber Security Audit Manager will be required to perform the following:

• Use knowledge of cyber security practices such as penetration testing, configuration management, network management, patch management, vulnerability management, cyber incident response, identity and access management, cloud security and encryption to conduct audits using the audit function’s methodology.
• Develop and maintain relationships with accountable stakeholder management within the bank. The Cyber Security Audit Manager should be able to present effectively at stakeholder meetings and forums (e.g.: Risk and Governance Forums) by sharing knowledge and information, including methodology, standards, changes and new developments, with business stakeholders on an ongoing basis.
• Use business knowledge, and outcomes of assurance work and continuous monitoring to assess evolving risks and the control environment of the bank. The Cyber Security Audit Manager will be required to write high quality reports for presentation at Risk and Governance forums.
• Participate and prepare the annual audit plan by taking into account the risk and control profile, business strategy and material risks affecting the business.
• Take ownership and initiative, to negotiate, influence and build consensus and successfully navigate audit delivery within timelines and quality criteria. Leading internal audit project teams, working closely with peer VPs, define audit scopes and oversee audit testing, including drafting internal audit findings and reports for discussion with senior management. This includes a strong acumen regarding auditing methods and industry practices for technology, cyber and information security risks.
• Drive advancement and development in the analytics and robotics automation space through defined strategic initiatives. This will include finding efficient means of performing audit procedures.
• Improve technical knowledge through self-learning or training including mandatory Continuous Professional Education requirements.

Knowledge & Skills:

• Up-to-date knowledge of cyber threats, techniques and processes.
• Ability to define risks, controls and testing strategies in accordance with leading practice requirements.
• Technical skills required to assess the security of network devices (Routers, Switches, Firewalls, Proxies, etc.), security solutions (Anti-virus, End-Point Detection and Response etc.), information systems (Operating Systems, Databases and Applications) and supporting processes.
• Internal and External vulnerability assessments and penetration testing.
• Ability to articulate complex issues clearly.
• Report writing.
• Cyber and information security risk management, monitoring and reporting.
• Awareness of regulatory and compliance environment Level.
• Manage time, resources and budget effectively Level.
• Industry and product knowledge.

Accountability: Reporting

• Assess, challenge and monitor and prepare high quality, relevant and insightful reporting for risk committees in ITO and Group wide. Include audit delivery, issue validations, business monitoring insights and key MI relating to open/overdue/reopened audit issues etc, drivers for our CE and MCA assessments, emerging/watching brief risks. Ensure data integrity and factual accuracy of report prior to submission to EL/PH for review.
• Review and check and challenge first and second line of defense reporting on the control environment and management control approach.
• Strong collaboration with the Centers of Excellence (CoE) counterparts to derive insights for impactful reporting.

Accountability: Audit Planning

• Actively participate and provide high quality, relevant and impactful audits for ITO in the annual audit planning process. Manage and facilitate the planning deliverables and interlocks with the wider IA.
• Report progress on Combined Assurance testing performed by IA, closely monitor ITO combined assurance strategy/progress, and actively participate in the combined assurance and risk forums.

Accountability: Management & Leadership 15%

• Provide thought leadership and input into the strategy for the ITO IA Team.
• Actively play a senior role in the ITO Management Committees and develop and maintain relationships with key stakeholders during audits and business monitoring activities. Present effectively at stakeholder meetings and forums to share knowledge and information including methodology, standards, changes and new developments with business stakeholders on an ongoing basis.
• Engage proactively with the wider Internal Audit colleagues and request technical assistance where required from the Centers of Excellence during audits, business monitoring, reporting, planning etc.
• Mentor and coach less experienced team members by providing guidance around the methodology, audit process and the RB business.
• Support IA management team to identify, attract, develop and retain talent on an on-going basis and in measuring productivity and growth of staff by ensuring that Evaluation Forms are maintained for all audits and regular performance feedback to staff throughout the year, recognizing strengths and comprehensive development and training plans for key development areas identified.

Accountability: Knowledge Management

• Improve technical knowledge and ongoing learning, specific training including mandatory continuous Professional Education requirements.
• Share knowledge in area of responsibility with the team to ensure that audit activities are planned effectively and completed in line with quality standards and audit methodology.
• Present effectively at stakeholder meetings and forums (e.g. Risk and Governance Forums etc.) by sharing knowledge and information, including methodology, standards, changes and new developments, with business stakeholders on an ongoing basis.
• Working with colleagues in Business Units to provide requisite expertise in key areas where specific specialist knowledge is required to deliver appropriate, value-added assurance.

Minimum Requirements

• B Degree (Commercial, Informatics, Statistics)
• B Degree Honours (Commercial, Informatics, Statistics)
• CIA, CISA, CISM, CISSP or relevant qualification
• Relevant banking industry qualification (e.g. SA Institute of Bankers)

Essential:

• 5 years’ experience in Internal/External audit or commensurate experience in a major financial institution or Big 4 audit firm
• 5 years’ experience in risk based auditing or risk/control activities.
• 3 years’ experience in managing a team

Competencies: (Maximum of 8 competencies)

• Independent in practice and in thought.
• Engaged with a visible level of presence.
• Drive the right risk culture in the business.
• Growth mind set, curious and open to teaching and learning.
• Confident to responsibly challenge.
• Ability to manage conflicts.
• Influential, Personal accountability.
• Crisp and clear communicator, verbally and in writing.
• Focused without adopting a silo mentality.

Education

• Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)