JOBS: Information Systems Auditor at KCB Bank Kenya
Kenya Commercial Bank Limited is registered as a non-operating holding company that started operations as a licensed banking institution with effect on January 1, 2016. The holding company oversees KCB Kenya - incorporated with effect from January 1, 2016 - and all KCB's regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia, and South Sudan.
Leah Mukangai 
The Position:
The Information System Audit department is a function within the Audit division. The department is responsible for providing objective and independent assurance that the bank’s Information Systems are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement.
Reporting to the Head, Information Systems Audit, the Information Systems Auditor will give objective and independent assurance that the bank’s Information Systems are appropriate, well utilized, reliable and secure while giving commensurate recommendations on areas of improvement.
Key Responsibilities:
- Contribute to conducting cyber risk assessment for assigned audit assignments
- Perform IT general and IT application control reviews on information systems to give assurance on effectiveness and efficiency of control environment, and compliance to KCB Group policies and Central Bank of Kenya (CBK) Prudential guidelines.
- Perform independent threat and vulnerability assessment tests and report on cyber risks and controls of the ICT systems within the bank and other related third-party connections.
- Conduct comprehensive penetration tests of the bank’s web-based applications, mobile applications, networks, and ICT systems to assess the effectiveness of the cybersecurity framework implemented by the bank.
- Documents the results of audit work in accordance with internal audit guidelines and the Institute of Internal Auditors (IIA) standards.
- Share knowledge, skills, and experience with team members.
- Perform other related duties as assigned.
The Person:
For the above position, the successful applicant should meet the following criteria:
- Bachelor's Degree in a Computer Science, Information Technology, Electrical Engineering, or a Related field from a university recognized by Commission for University Education.
- Must Possess CISA, CISM or CISSP or a related information systems audit certification.
- Must Possess CEH/LPT/OSCP/CCIE Security/CSX Practitioner or a related penetration testing certification.
- Master's degree is an added advantage
- A minimum 5 years' experience covering 2 years in Information System Audit and 3 years in performing cyber security reviews, vulnerability assessments and penetration tests.
- Proficiency in using penetration testing tools e.g., Kali Linux, Nessus, Nipper, Burp suite, Metasploit framework, Wireshark, Acunetix, Netsparker, Mobsf, Frida, Objection etc.
- Proficiency in performing web application and mobile application security assessments.
- Proficiency in the use of audit management software e.g., TeamMate.
- Excellent Customer Service and strong Business Analytical skills.
- Demonstrated leadership ability with initiative & self-drive.
- Superior communication and inter-personal skills, including report writing.
- Effective planning, organizing and problem-solving skills.
