Cybersecurity Assurance Specialist at NCBA Group

Job Purpose Statement

The Cybersecurity Assurance Specialist is responsible for conducting General IT Controls (GITC) assessments within production systems. This proactive role aims to audit production environments before compliance teams flag potential issues, ensuring vulnerabilities, gaps, and misconfigurations are identified and remediated. The primary focus will be on auditing critical IT controls and configurations to maintain and enhance the organization’s security posture. For issues that cannot be immediately addressed, the role will ensure they are properly documented in the Risk Control Self-Assessment (RCSA) for further remediation and mitigation

Key Accountabilities (Duties and Responsibilities)

Proactive GITC Auditing and Vulnerability Identification (30%):

• Conduct regular audits of production systems to assess GITC and identify gaps in configurations, security controls, and vulnerabilities.
• Perform thorough reviews of access controls, system configurations, data integrity, and compliance with internal policies and industry standards.
• Identify security risks and proactively recommend appropriate remediation actions to mitigate threats.

Risk Control Self-Assessment (RCSA) Documentation (30%):

• Work closely with Governance and Compliance teams to document key findings in the RCSA.
• Ensure that any gaps or issues that cannot be immediately resolved are properly recorded and tracked in the RCSA, with clear action plans for resolution.
• Continuously review and update the RCSA to reflect the current security and compliance posture of production systems.

Collaboration and Reporting (20%):

• Provide regular reports and recommendations to management and stakeholders on the status of audits, security risks, and remediation efforts.
• Collaborate with internal teams such as IT, security, and operations to ensure that gaps are effectively closed and issues are remediated in a timely manner.
• Support ongoing compliance initiatives by providing insights into security vulnerabilities and assisting with external audits.

Support and Continuous Improvement (20%):

• Assist in the preparation and execution of internal penetration tests and security assessments.
• Continuously assess and improve current auditing and testing processes for efficiency and effectiveness.
• Provide recommendations on tools, processes, and methodologies to enhance the security posture of production system

Job Specifications

• Minimum of 4 years of experience in IT auditing, specifically in GITC, vulnerability assessments, and security controls within production systems.
• Strong knowledge of security frameworks, regulatory standards (ISO 27001, NIST, SOC 2, GDPR), and security testing tools.
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field; certifications such as CISA, CISSP, or CISM are preferred.
• Experience as an IT Auditor in GITC, with expertise in auditing production systems, access controls, and the general audit lifecycle.
• Strong attention to detail, communication skills, and ability to identify and resolve risks proactively.
• Excellent analytical and problem-solving skills, with the ability to manage multiple audit tasks and collaborate with cross-functional teams