Audit Portfolio Manager Cyber
Johannesburg, ZA
Nedbank
Get a financial partner who will help, guide and support you on your personal journey.Requisition Details & Talent Acquisition Contact
REQ 133209- Tshego Semenya
Location: Johannesburg
Closing date: 26 April 2024
Cluster
Group Risk
Career Stream
Auditing
Leadership Pipeline
Manage Self Professional
Position
Audit Portfolio Manager: Cyber
Job Purpose
The objective and scope of work of GIA is to determine whether the Group’s systems of internal controls, risk management and governance, as designed and operated by management, are adequate and effective.
The scope of GIA’s work is determined by a risk-based approach and so the key risks facing the Group, including subsidiaries, and the requirements of the GAC, subsidiary Audit Committees and the Group and subsidiary Executive Committees. This should include alignment to business strategic priorities.
Job Responsibilities
The Audit Portfolio Manager – Cyber, in the discharge of his / her duties, shall be responsible, inter alia, to the Nedbank Group CIA / Portfolio Executives / Senior Audit Manager to:
Support the periodic assessments of the outcomes of internal audit work to appropriate governing bodies, including the GAC, Board Risk Committee, Executive IT Committee (EITCO) and Group IT Committee (GITCO);
- Report on the overall effectiveness of the governance, risk and internal control framework of the Group;
- Comply with regulatory and corporate governance expectations of the internal audit functions;
- Report significant Cyber issues related to the processes for controlling the activities of the Group, including potential improvements to those processes;
- Report periodically on the progress of the Cyber audit plan delivery;
- Have in place a robust process to follow-up on management’s agreed actions to address Cyber issues raised by GIA;
- Responsible for the delivery and measurable performance of their respective Cyber portfolio, including audit plan delivery;
- Apply judgement to provide an overall audit opinion on the Cyber system of internal controls of the Group;
- Provide insights from the outcomes of internal Cyber audit work to appropriate governing bodies;
- Maintain an open and constructive relationship as a Trusted Advisor with senior internal and external stakeholders including External Audit, Business Executives and other GIA Heads of Audit;
- Implement effective and efficient audit processes to ensure that audit processes are optimized and comply with the relevant governance expectations of internal audit functions;
- Develop and maintain relationships with business and key stakeholders to ensure robustness and completeness of audit coverage and contribute at an insight generator / trusted advisor to business to enhance assurance provided over the control environment;
- Contribute to the development of a 12-month rolling audit plan (including Cyber) using a risk-based methodology, taking into consideration specific business strategic focus areas, regulatory requirements pertaining to internal audit, as well as including any risks or control concerns identified by management, the GAC and the Board;
- Deliver and report on the rolling Cyber risk-based internal audit plan;
- Have a robust process in place to follow-up and report on management’s progress in implementing agreed actions to address Cyber issues identified by GIA; and
- Maintain an open and constructive relationship with the CIA, GIA HoA: Digital & Technology, Business executives, and key stakeholders (including GIA Heads of Audit) by providing value added services and sharing information.
Job Responsibilities Continue
- Implement the vision and strategy including the leadership and culture philosophy, stakeholder approach and internal methods and tools. This should include alignment to the Nedbank and Business Unit strategy;
- Exhibit diverse, visionary and inspirational leadership - promoting a globally competitive financial sector;
- Actively participate in the Group’s Combined Assurance Model;
- Build a high-performance team through managing resources, retention and critical staff;
- Manage performance of reports and hold them accountable for managing the performance of their reports by taking corrective action as required, recognising and rewarding the team;
- Actively build a culture of improvement by ensuring the design and implementing active talent management, succession planning strategies for division and obtaining buy-in from relevant stakeholders;
- Optimise performance and motivation by holding managers and auditors accountable for developing their staff and themselves;
- Empower team to make decisions and recommend tailored solutions to business unit specific problems, through coaching and mentoring practices;
- Facilitate engagement and information sharing sessions amongst peers. Synergies across clusters and business units achieved;
- Take ownership and accountability for tasks and activities and demonstrate effective self-management;
- Follow through to ensure that quality and productivity standards of own work and team are consistently and accurately maintained;
- Support and drive the business's core values;
- Respond openly and constructively to feedback (positive and negative);
- Be a vision-led and values-driven leader; and
- Embodiment of the following characteristics:
Risk Optimiser
- Understanding that risk is at the centre of everything in banking
- Developing the appropriate risk appetite
- Managing risk without stifling innovation
- Being sensible about risk
Client Centric Advocate
- Placing the client at the centre of everything you do
- Being relationship focussed (as opposed to product or mono-line focussed)
- Collaborating with colleagues across organisational boundaries
Execution Expert
- Having a bias for action
- Focussing efforts on execution and implementation
- Practicing decisive leadership
- Simplifying things
Strategist
- Being a strategic thinker
- Being a strategic translator
- Being a strategic doer
- Facilitating strategic dialogue
Essential Qualifications - NQF Level
- Advanced Diplomas/National 1st Degrees
Preferred Qualification
- Minimum required qualification: Commercial or related degree;
- CISA; CRISK; CISM; CISSP (or another relevant IT Qualification)
Essential Certifications
- Certified Information Systems Auditor (CISA) and optional Certified Internal Auditor (CIA)
- Certified Internal Auditor (CIA) or Certified Information Systems Auditor (CISA) or Certified Financial Services Auditor (CFSA)
Minimum Experience Level
The following minimum experience is required:
- 8 – 10 years financial services experience in a senior position;
- Cyber experience in a Banking institute;
- Ability to operate independently; and
- Leadership experience leading teams.
The following additional experience is preferred:
- Significant technical knowledge on Digital (i.e. Network Architecture, Database, Disaster Recovery, IT General Controls, Mainframe, System Configurations, Online Banking and Mobile Apps etc.), and its supporting technologies and processes.
Technical / Professional Knowledge
- Audit reporting
- Audit standards and practices
- Banking knowledge
- Governance, Risk and Controls
- Ethics and Fraud
- Reputational risk management
- Information technology
- Business writing skills
- Regulatory, Legal and Economics Principles
- Business Acumen
Disclaimer
Preference will be given to candidates from the underrepresented groups
Please contact the Nedbank Recruiting Team at +27 860 555 566
---------------------------------------------------------------------------------------
Please contact the Nedbank Recruiting Team at +27 860 555 566
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits Banking CIA CISA CISM CISSP Governance Mainframe Risk management Strategy
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Windows-related jobs
- Open CISM-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs