Job Title Group Manager Technology Assurance & Cyber Security Auditor
Reports to Group Lead, Technology Assurance & Cyber Security Auditor
Location TBC
JOB PURPOSE
The Technology Assurance & Cyber Security auditor role is responsible for examining and evaluating the effectiveness of the organization's internal controls, risk management, and governance systems, particularly in the domains of information technology, information security, and cyber security. This position ensures that the organization's IT infrastructure, data, and processes are secure, compliant with regulations, and aligned with strategic business objectives. The role also involves identifying areas of improvement and implementing effective IT activities to safeguard the organization against cyber threats.
JOB CONTEXT
This position will require the candidate to exhibit integrity, diversity, flexibility and objectivity. The candidate should have good insights and instincts, ability to proactively identify key risk and challenges and build partnership with various stakeholders.
The person would have the responsibility to ensure control weaknesses within Information Systems, Technology and Cyber Security are properly identified and monitored.
KEY RESPONSIBILITIES
1. Information Systems Audit and Cyber Security
• Conduct thorough audits of information systems to identify and mitigate potential risks related to information security and cyber security.
• Plan and execute risk-based audits of IT infrastructure, including networks, telecoms, operating systems, databases, business applications, and cyber security controls.
• Evaluate the effectiveness of existing information security measures and recommend enhancements to safeguard data and systems.
• Monitor and report on key IT and cyber security risks, ensuring timely mitigation of vulnerabilities.
• Perform regular reviews and assessments of new technology products/services, focusing on information security and cyber security risks.
• Participate in the review and evaluation of technology projects to ensure they meet security standards and compliance requirements.
• Share audit findings and recommendations for corrective actions with management, providing final reports promptly.
• Conduct ad-hoc reviews of critical business applications and processes to ensure robust security measures and compliance.
2. Risk Management and Compliance
• Assess risk appetite, escalation procedures, and decision-making processes within the risk management function, with focus on technology and cyber security risks.
• Ensure the adequacy of risk management systems and processes for identifying, measuring, assessing, controlling, responding to, and reporting on all risks resulting from the organization's activities.
• Verify the integrity of risk management information systems, ensuring data accuracy, reliability, and completeness.
• Oversee the approval and maintenance of risk models, ensuring consistency, timeliness, independence, and reliability of data sources.
• Focus on evaluating technological, information security, and cyber risks, ensuring robust defenses and compliance with all relevant regulations.
• Assess the effectiveness of operational resilience and cyber resilience frameworks to ensure continuity of critical business services and technology operations.
• Evaluate critical digital dependencies, third-party technology risks, and concentration risks associated with cloud services, digital platforms, and strategic technology providers.
• Review resilience preparedness, incident response capabilities, and recovery strategies relating to critical technology assets and cyber threats.
3. Audit Planning, Execution and Follow up
• Develop & Execute IT and cyber security audit programs tailored to the organization's needs, thoroughly examining all operational areas and guiding the collection of relevant data, documentation review, and communication of operational improvements.
• Engage with stakeholders to stay informed of changes and new initiatives, sharing audit perspectives on risk identification and mitigation.
• Utilize data analytics and automation tools — including SQL, Power BI, Power Automate, and Audit Command Language (ACL) — to develop continuous auditing tests across IT and business areas.
• Leverage AI-enabled assurance techniques, including predictive analytics, intelligent monitoring, and AI-assisted auditing, to enhance risk identification, continuous assurance, and audit effectiveness.
• Utilize advanced analytics and emerging technologies to proactively identify anomalous activities, control weaknesses, and emerging technology risks across the Group.
• Evaluate and verify that controls meet established assurance objectives, maintaining working paper evidence of control examinations.
• Follow up the implementation and effectiveness of issues identified during previous audits.
• Evaluate progress, address any lingering issues, and ensure continuous improvement.
• Develop and oversee the execution of the annual audit plan, ensuring it covers key risk areas and aligns with the group's strategic priorities.
• Align audit plan to the bank's strategy.
• Ensure execution of audit plan as approved by ETI Board of Directors.
• Ensure timely rendition of audit reports.
• Carry out Issue Assurance audit to ensure effective resolution of audit findings and recommendations.
• Perform periodic internal audit assessment and ongoing monitoring of internal audit performance.
• Manage budgets and costs of all the activities which he/she is accountable.
4. Investigation & Consulting
• Conduct ad-hoc investigations in cases of suspected fraud, misconduct, or irregularities, performing in-depth examinations of financial records, transactions, and employee activities.
• Follow up on the implementation and effectiveness of issues identified during previous audits, ensuring continuous improvement and compliance.
• Provide consulting services on internal controls, information security, and operational efficiency as requested by management.
• Assist external auditors, examiners, and consultants as needed.
QUALIFICATION AND EXPERIENCE
Background/Experience
Experience
• At least 10 years of experience in IT audit and cybersecurity.
• Extensive experience in technology assurance, including IT general controls, application controls, and cybersecurity audits, particularly within the banking or financial services industry.
• Expertise in data analytics and automation is an added advantage.
Knowledge and Skills
Technical Expertise
• In-depth understanding of cybersecurity frameworks, standards, and regulations (e.g., ISO 27001, NIST Cybersecurity Framework, CIS Controls, COBIT, PCI DSS, and SWIFT Customer Security Controls Framework (CSCF)).
• Knowledge of Basel II and III requirements, particularly in relation to technology and cybersecurity risk management.
• Comprehensive understanding of Anti-Money Laundering (AML) policies, Terrorist Financing regulations, and their implications for cybersecurity controls.
• Familiarity with the regulatory environment across Africa, especially in terms of cybersecurity and IT risk management.
• Working knowledge of cloud security audit (AWS, Azure, GCP), API security, DevSecOps, and Zero Trust architecture principles.
• Working knowledge of Python and data science techniques for audit analytics, automation, anomaly detection, and intelligent risk monitoring.
• Familiarity with AI assurance platforms and emerging technologies supporting AI governance, automated control testing, model validation, and continuous assurance.
• Experience with cloud-native security analytics, including assurance over cloud workloads, SIEM/SOAR platforms, hybrid cloud environments, and containerized infrastructures.
• Awareness of emerging technology risks, including AI/ML governance and security, and Identity and Access Management (IAM) controls.
Risk Management and Audit
• Excellent understanding of Risk-Based Audit principles and the ability to fully comply with IIA (Institute of Internal Auditors) standards.
• Solid understanding and ability to apply risk and control concepts in the context of technology and cybersecurity.
• Strong knowledge of IT governance, risk, and compliance best practices, with experience in assessing and mitigating technology and cybersecurity risks.
Analytical and Problem-Solving Skills
• Strong analytical skills with the ability to identify gaps in logic and an inquisitive mindset to challenge the status quo.
• Detail-oriented yet able to quickly grasp the big picture, understanding complex technology environments and identifying key risks and controls.
• Strong skills in negotiating, relationship building, problem-solving, and timely problem escalation.
Leadership and Management
• Proven track record of leadership and management in a complex, multi-affiliate environment, particularly in overseeing technology and cybersecurity audits.
• Proven experience in people management and leadership abilities, with the capacity to lead and mentor a team of IT and cybersecurity auditors.
• Ability to manage multiple projects simultaneously and meet deadlines, demonstrating a high degree of personal initiative and a proactive approach to work.
Communication and Interpersonal Skills
• Excellent communication skills, both written and verbal, with the ability to articulate complex technology and cybersecurity issues to non-technical stakeholders.
• Strong team player who collaborates effectively with colleagues and peers across the organization while being able to work independently when required.
• Demonstrates a positive, can-do attitude with a commitment to continuous improvement and professional development.
Other Requirements
• High degree of integrity, professionalism, and ethical standards, with a commitment to maintaining confidentiality and handling sensitive information with discretion.
• Demonstrates a strong understanding of the evolving technology landscape and keeps up-to-date with emerging cybersecurity threats and best practices.
Qualifications
• Master's Degree in Related Field, or Equivalent Combination of Work Experience and Education.
• Professional certifications such as CISA, CISSP, CIA, CEH, or equivalent.
PERSONAL ATTRIBUTES
• Ability to work effectively under pressure and meet deadlines.
• Strategic thinker with strong problem-solving capabilities.
• Culturally sensitive and able to work effectively in a diverse, pan-African environment.
• Excellent written and oral communication skills.
• Excellent time management and organizational skills.
• Good interpersonal skills.
• Analytical and result oriented skills.
