The Manager, Cyber Security Audit is responsible for conducting cyber risk assessments for assigned audit and advisory assignments and performing independent threat and vulnerability assessments. This role involves penetration testing of the bank’s ICT systems to evaluate the effectiveness of the cybersecurity control framework and report on identified risks. The manager acts as an independent advisor, ensuring that cybersecurity operations align with KCB Group policies, regulatory requirements, and industry standards.
Key Responsibilities
Conduct cyber risk assessment for assigned cyber security audit and advisory assignments.
Perform independent threat and vulnerability assessment and penetration test audits of the bank’s ICT systems to assess the effectiveness of the cybersecurity control framework and report on cyber risks noted.
Serve as an objective and independent advisor to business functions by providing assurance that cyber security operations and processes conform to current KCB Group policies and procedures, regulatory requirements, and applicable legislation.
Conduct walkthroughs, testing of controls, and negotiation of potential issues for Technology audits within the cybersecurity and infrastructure portfolio, including scope areas such as identity and access management, asset classification, network security, operating system security, database security, web application security, mobile application security, public cloud (AWS/GCP/Azure) environments, vulnerability management, endpoint protection, etc.
Identify and evaluate significant cyber security risk exposures and contribute to the improvement of technology risk management and control systems.
Ensure cyber security audits are performed in accordance with the International Professional Practices Framework (IPPF) and the bank’s internal audit methodology.
Document the results of audit work in accordance with internal audit guidelines and the Institute of Internal Auditors (IIA) standards.
Maintain respectful and effective communications and relationships with key stakeholders before, during and after audit assignments to ensure alignment of audit objectives to Bank strategy.
Follow up on the implementation of audit recommendations, identifying and reporting any gaps that may derail implementation of audit recommendations.
Keep the organisation updated on cyber security industry trends, regulatory changes, and best practices in internal auditing as well as developments in the Banking industry and business environments.
Minimum Requirements
Academic & Professional Qualifications:
Bachelor’s Degree in Information Technology, Electrical Engineering, or Computer Science (Required).
Professional Qualifications in Information Systems Audit/Security: CISA, CISM, or CISSP (Added Advantage).
Professional Qualifications in Vulnerability Assessment and Penetration Testing: OSCP, CCIE Security, CRTO, CRTP, CRTE, CRTM, or CPTS (Required).
Master’s Degree in IT, MBA, or Computer Science (Added Advantage).
Experience:
Minimum 4 years of total professional experience.
4 years of experience in Cyber Security Reviews, Vulnerability Assessments, and Penetration Testing.
3 years of experience in IT Security and/or IT Audit.
1 year of experience in Red Team Exercises (Added Advantage).
2 years of experience in Stakeholder management.
How to Apply
Interested and qualified candidates should apply online through the KCB Bank recruitment portal hosted on Oracle Cloud (eoin.fa.em3.oraclecloud.com). Ensure you complete your profile and attach all necessary documentation. Applications must be submitted by the deadline on March 6, 2026.