Engineer Cyber Security Assurance

Company Details
Name:NCBA Group
Industry: Banking
Description: On 6th December 2018, it was announced that NIC Bank, an institution with a rich history of retail banking; and CBA Bank, a forerunner of innovation in the banking space, would be merging to form a new bank with unmatched strength, expertise and regional reach.
,,,,
,,,The new NCBA has harnessed t…
On 6th December 2018, it was announced that NIC Bank, an institution with a rich history of retail banking; and CBA Bank, a forerunner of innovation in the banking space, would be merging to form a new bank with unmatched strength, expertise and regional reach. ,,,, ,,,The new NCBA has harnessed the power of both NIC and CBA to create a bank that brings together the best of both worlds — from cutting edge mobile banking to good old-fashioned relationship management; from scalable business banking to financial services that grow as your business does; from best-in-class choice of products to investment solutions tailored to your specific needs. ,,,, ,,,Our extensive branch network and friendly service mean that you are part of the most universal yet personal bank in East Africa. View more View less
Job Details
Job Type: Full Time
Workplace Type: On-site
Qualification: Diploma
Job Experience: Mandatory
Job Location: Nairobi County, Kenya
Closing Date: Undisclosed
Salary: Undisclosed
Other Pay: Benefits
Job Category: Telecommunications
Job Description

Job Purpose Statement

The Cybersecurity Assurance Specialist role will be responsible for conducting General IT Controls (GITC) assessments within production systems. This proactive role aims to audit production environments before compliance teams flag potential issues, ensuring vulnerabilities, gaps, and misconfigurations are identified and remediated. The primary focus will be on auditing critical IT controls and configurations to maintain and enhance the organization’s security posture. For issues that cannot be immediately addressed, the role will ensure they are properly documented in the Risk Control Self-Assessment (RCSA) for further remediation and mitigation. 

Key Accountabilities (Duties and Responsibilities)

Proactive GITC Auditing and Vulnerability Identification 30% 

  • Conduct regular audits of production systems to assess GITC and identify gaps in configurations, security controls, and vulnerabilities. 
  • Perform a thorough review of access controls, system configurations, data integrity, and compliance with internal policies and industry standards. 
  • Identify security risks and proactively recommend appropriate remediation actions to mitigate threats. 

Risk Control Self-Assessment (RCSA) Documentation 30% 

  • Work closely with Governance and Compliance teams to document key findings in the RCSA. 
  • For any gaps or issues that cannot be immediately resolved, ensure they are properly recorded and tracked in the RCSA, with clear action plans for resolution. 
  • Continuously review and update the RCSA to reflect the current security and compliance posture of production systems. 

Collaboration and Reporting 20% 

  • Provide regular reports and recommendations to management and stakeholders on the status of audits, security risks, and remediation efforts. 
  • Collaborate with internal teams such as the IT, security, and operations teams to ensure that gaps are effectively closed and issues are remediated in a timely manner. 
  • Support ongoing compliance initiatives by providing insights into security vulnerabilities and assisting with external audits. 

Support and Continuous Improvement 20% 

  • Assist in the preparation and execution of internal penetration tests and security assessments. 
  • Continuously assess and improve the current auditing and testing processes for efficiency and effectiveness. 
  • Provide recommendations on tools, processes, and methodologies to enhance the security posture of production systems. 

Job Specifications

  • Minimum of 4 years of experience in IT auditing, specifically in GITC, vulnerability assessments, and security controls within production systems. 
  • Strong knowledge of security frameworks, regulatory standards (ISO 27001, NIST, SOC 2, GDPR), and security testing tools. 
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field; certifications such as CISA, CISSP, or CISM are preferred. 
  • Experience as an IT Auditor in GITC, with expertise in auditing production systems, access controls, and the general audit lifecycle. 
  • Strong attention to detail, communication skills, and ability to identify and resolve risks proactively. 
  • Excellent analytical and problem-solving skills, with the ability to manage multiple audit tasks and collaborate with cross-functional teams. 
444 open positions on Semasocial right now · 7531 open positions in Nairobi County, Kenya · 56 posted in the last 7 days
CV Job Description Matcher See how well your CV matches this job and get tips to improve your chances AI Tool

This tool helps you see how closely your CV matches a job description. It also gives you simple suggestions on what to improve so you have a better chance of getting shortlisted.

Beware of Fraudsters!
Never pay anyone for job applications, interview tests, or job interviews. A genuine employer will never ask you for payment under any circumstances.
Disclaimer & TOS: We do not guarantee the authenticity of every single job posting and are not responsible for any fraudulent activity or misrepresentation by third parties. We are not involved in any stage of the interview or recruitment process and do not charge any fees from job seekers. For further details, please read the rest of the Terms of Service.