Job Description
The Information System Audit department is a function within the Audit division. The department is responsible for providing objective and independent assurance that the bank’s Information Systems are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement.
Reporting to the Head, Information Systems Audit, the Information Systems Auditor will give objective and independent assurance that the bank’s Information Systems are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement.
Key Responsibilities:
• Contribute to conducting cyber risk assessments for assigned audit assignments.
• Perform IT general and IT application control reviews on information systems to give assurance on effectiveness and efficiency of control environment, and compliance to KCB Group policies and Central Bank of Kenya (CBK) Prudential guidelines.
• Perform independent threat and vulnerability assessment tests and report on cyber risks and controls of the ICT systems within the bank and other related third-party connections.
• Conduct comprehensive penetration tests of the bank’s web-based applications, mobile applications, networks, and ICT systems to assess the effectiveness of the cybersecurity framework implemented by the bank.
• Document the results of audit work in accordance with internal audit guidelines and the Institute of Internal Auditors (IIA) standards.
• Share knowledge, skills, and experience with team members.
• Perform other related duties as assigned.
The Person:
For the above position, the successful applicant should meet the following criteria:
• Bachelor's Degree in Computer Science, Information Technology, Electrical Engineering, or a related field from a university recognized by the Commission for University Education.
• Must possess CISA, CISM or CISSP or a related information systems audit certification.
• Must possess CEH/LPT/OSCP/CCIE Security/CSX Practitioner or a related penetration testing certification.
• Master's degree is an added advantage.
• A minimum of 5 years' experience, covering 2 years in Information System Audit and 3 years in performing cyber security reviews, vulnerability assessments and penetration tests.
• Proficiency in using penetration testing tools, e.g., Kali Linux, Nessus, Nipper, Burp Suite, Metasploit Framework, Wireshark, Acunetix, Netsparker, MobSF, Frida, Objection.
• Proficiency in performing web application and mobile application security assessments.
• Proficiency in the use of audit management software e.g., TeamMate.
• Excellent Customer Service and strong Business Analytical skills.
• Demonstrated leadership ability with initiative & self-drive.
• Superior communication and inter-personal skills, including report writing.
• Effective planning, organizing and problem-solving skills.
The above position is demanding, and the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered, your application must be received by Friday 22nd April 2022.
Qualified candidates with disability are encouraged to apply.
Only short-listed candidates will be contacted.
NB: If you are invited to interview for any position, we will require that you provide us with the following documents:
• National I.D.
• KRA Pin Card.
• Birth Certificate of self.
• Passport Photo (White Background).
• NSSF Card.
• NHIF Card.