Closing Date: Wednesday, 24 Dec 2025 at 5.00 p.m.
The role holder will be responsible for assessing and evaluating the adequacy and effectiveness of the cybersecurity frameworks and strategies employed by licensed Financial Institutions by conducting vulnerability assessments and penetration tests (VAPTs).
Strategic Responsibilities
1. Contributes as appropriate to the overall achievement of the Central Bank’s strategic objectives.
Technical and Operational Responsibilities
2. Conduct comprehensive onsite surveillance of licensed Financial Institutions to ensure compliance with the relevant laws, regulations and guidelines. This includes routine inspection engagement activities, such as examining the adequacy of a Financial Institution's IT risk management practices in support of the accuracy and reliability of its Financial Statements.
3. Conduct Vulnerability Assessment and Penetration Tests (VAPTs) to evaluate the security of a Financial Institution’s IT systems, network and applications.
4. Document the results of inspection engagements in accordance with the Department's guidelines using the Audit Management software, e.g. TeamMate.
5. Conduct Cybersecurity risk assessments of licensed Financial Institutions, covering internal, external and third-party Cyber risks. This includes risks associated with partnerships with Financial Technology (Fintech) companies on the introduction of new products and services.
6. Review Cybersecurity policies and procedures instituted by licensed Financial Institutions to ensure alignment with the Prudential and Risk Management Guidelines and with best practices.
7. Review licensed institutions’ annual reports on Cybersecurity audits and vulnerability assessments and follow up on the resolution of highlighted recommendations.
8. Analyse reported Cybersecurity incidents and prepare periodic reports.
9. Follow up with the supervised Financial Institutions on cyber incident response and recovery activities for business continuity.
10. Coordinate with other CBK departments, including Cyber Fusion Unit (CFU), Banking and Payment Services (BPS) and/or Information Technology Department (ITD) as required, to ensure that optimal guidance and response activities are undertaken by the affected institutions.
11. Monitor reported incidents to identify attack trends and determine suitable mitigation strategies.
12. Perform other tasks in which the team is involved, including the preparation of various internal and external documents, e.g. memos, reports and correspondence letters.
13. Any other responsibility as may be assigned by the Line Manager.
Qualifications
1. Bachelor's Degree in Computer Science, Computing and Information Systems, Network Engineering or another IT/security/network-related discipline.
2. Certified Ethical Hacker (CEH), Licensed Penetration Tester (LPT), Offensive Security Certified Professional (OSCP), Cisco Certified Internetwork Expert (CCIE) Security, CSX Practitioner or a related penetration testing certification; IT audit experience is preferred.
3. Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or a related discipline.
4. Active membership in at least one (1) relevant professional body.
Experience
At least two (2) years' post-qualification experience in Information Systems Audit or Cybersecurity review, vulnerability assessment and penetration testing, or any other relevant area.
Technical Competencies
1. Proficiency in using penetration testing tools, e.g. Kali Linux, Nessus, Nipper, Burp Suite, Metasploit Framework, Wireshark, Acunetix, Netsparker, etc.
2. In-depth knowledge of auditing practices, information security management, and regulatory compliance, specifically related to the Banking and Financial Sectors.
3. Good understanding of internationally accepted best practices for effective Bank Supervision and their application in supervision design and implementation.
4. Analytical skills to assess the effectiveness of IT controls and identify vulnerabilities.
Behavioural/ General Competencies
1. Leadership and management - ability to take responsibility for assigned tasks and to be part of a high-performing team.
2. Communication - ability to speak clearly, fluently and in a compelling manner to both individuals and groups; ability to write in a clear and concise manner, using appropriate grammar, style and language for the reader; and good presentation skills.
3. Interpersonal skills - creates rapport with others and develops effective communication and team spirit with colleagues.
4. Personal motivation and drive - commits self to work hard towards goals. Shows enthusiasm and career commitment.
5. Adaptability/Flexibility - ability and willingness to be flexible, to adapt to and work effectively within a variety of changing situations and with various individuals and groups.
6. Professionalism - maintains a professional approach based on ethics and CBK values.
7. Integrity, honesty and ethics - ensures ethical practices and integrity and ensures CBK is not put at reputational risk.
8. Resilience - is able to withstand strategic and operational challenges and maintain momentum.
9. Emotional intelligence - manages emotions in a mature and composed manner as expected of a CBK staff member.
Candidates are requested to note that:
© 2025 Central Bank of Kenya. All Rights Reserved.