Job Summary
An exciting opportunity has become available for an experienced Cyber Security Audit Executive to join Absa's Group Internal Audit as Head of Audit: Cyber Security.
The role is responsible for leading the delivery of independent, objective, and risk-based assurance over the Group's cyber security and information security risk management capability. The successful incumbent will manage the cyber audit portfolio, lead a team of specialist auditors, and provide insightful assurance.
Job Description
Key Accountabilities
Lead and deliver the Cyber & Information Security audit portfolio in line with the approved riskÃÂâÃÂÃÂÃÂÃÂbased audit plan and Internal Audit methodology.
Plan, scope, execute, and report on cyber and information security audits, providing clear conclusions on control effectiveness and residual risk.
Provide assurance over the effectiveness of cyber governance, risk management, and key security controls across the organisation.
Identify and communicate thematic and systemic cyber risks, emerging threats, and control weaknesses to senior management and governance forums.
Engage senior stakeholders as a trusted assurance partner while maintaining independence and objectivity.
Lead, coach, and develop a team of cyber and technology auditors, driving consistent quality and professional judgement.
Ensure all audit work is conducted in line with the Internal Audit Charter, professional standards, legislation and quality expectations.
Typical Areas of Audit Coverage
Cyber and information security governance and risk management capability
Identity and access management, including privileged access
Vulnerability management, patching, and secure configuration
Security monitoring, logging, detection, and response
Cyber security tooling adoption and operational effectiveness
ThirdÃÂâÃÂÃÂÃÂÃÂparty and supplier cyber risk oversight
Secure design and change controls for new solutions and major system changes
Data protection and endpoint security controls
Cyber awareness and training programmes
Artificial Intelligence adoption
ÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂEducation and Experience Required
Bachelor's degree in Technology, Computer Science, Information Systems, Accounting, or a related field.
10+ years' experience in Internal Audit, Technology Risk, and Cyber Security assurance, including experience leading cyber or technology audit portfolios.
Proven people leadership experience within an assurance or risk environment.
ÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂProfessional Certifications (Preferred)
CISA (essential or strongly preferred)
One or more of: CISSP, CISM, CRISC, CCSP
Cloud certifications (Azure / AWS) advantageous
ÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂÃÂâÃÂÃÂÃÂÃÂSkills and Competencies
Strong understanding of cyber security risks, controls, and assurance practices
RiskÃÂâÃÂÃÂÃÂÃÂbased audit planning and sound professional judgement
Ability to translate complex technical issues into clear business and risk impact
ExecutiveÃÂâÃÂÃÂÃÂÃÂlevel communication and stakeholder engagement
High ethical standards, independence, and integrity
Education
Postgraduate Degrees and Professional Qualifications: Financial Sciences (Required), Postgraduate Degrees and Professional Qualifications: Statistics (Required)
End Date: March 7, 2026