Job Description
RANK : SBOII
REPORTS TO : Team Leader – Cyber Security Audits (CBs & NBFI)
SUPERVISES : None
JOB PURPOSE:
To assess, monitor, and enforce compliance with IT governance, cybersecurity, and digital banking risk management standards in Commercial Banks and Non-Bank Financial Institutions. The role ensures that financial institutions maintain secure, resilient, and compliant technology environments to safeguard the stability of the financial system and protect customer data. This includes conducting regular inspections, identifying potential vulnerabilities, and recommending enhancements to mitigate IT and Cyber threats.
DUTIES AND RESPONSIBILITIES:
Examination and Assessment
- Conduct onsite and offsite IT and Cyber examinations of financial institutions.
- Evaluate IT governance structures, cybersecurity frameworks and resilience against operational disruptions.
- Review core banking systems, payment platforms and emerging digital banking channels.
- Assess the adequacy of IT General Controls (ITGCs), application controls, and disaster recovery/business continuity plans.
Risk & Compliance Review
- Evaluate banks’ compliance with regulatory requirements, including BOU guidelines, Basel III operational risk standards and data protection regulations.
- Assess implementation of cybersecurity frameworks (ISO 27001, NIST CSF, CIS Controls).
- Identify and report deficiencies, systemic risks, and non-compliance issues.
Incident Response Oversight
- Regularly monitor banks’ responses to major IT or cybersecurity incidents.
- Assess incident root cause analysis, remediation actions, and communication to stakeholders.
- Recommend improvements to banks’ incident detection and response capabilities.
Reporting & Enforcement
- Prepare clear and concise examination reports with findings, risks, and regulatory recommendations.
- Present examination outcomes at both EXCO and Board exit meetings.
- Recommend enforcement actions for non-compliance, including sanctions where necessary.
Policy Development & Advisory
- Contribute to the development and updating of IT and Cyber supervisory policies.
- Provide technical advisory to other examiners and bank supervision teams on IT risk trends.
Stakeholder collaboration
- Work closely with SFIs, other regulatory bodies and cybersecurity experts to enhance the overall cybersecurity framework.
EXPECTED OUTPUTS/DELIVERABLES
- IT and Cybersecurity institutional and sector wide risk profile
- IT and Cyber Security inspection Reports
- Proposed Cyber and Technology guidelines.
- Incident reports and remediation actions.
- Draft collaboration reports, which document collaboration with other regulatory authorities, stakeholder feedback reports and cybersecurity experts.
- Quarterly and Annual sector wide IT and cybersecurity report.
PERSON SPECIFICATION
A. Minimum Qualifications
- First Class or Second Class Upper Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Computer Engineering or a closely related field.
- Possession of at least one of the following certifications is mandatory: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified in Risk and Information Systems Control (CRISC) with ISO 27001 Lead Auditor or CompTIA Security+.
- A master’s degree in any of the aforementioned fields is an added advantage.
Experience
- Minimum 5 years of relevant work experience in IT audit, cybersecurity, or risk management, preferably in a Financial Institution or Audit Firm.
- Familiarity with national and international cybersecurity standards such as NIST and ISO 27001, among others.
Technical skills
- Excellent report-writing skills.
- In-depth knowledge of cyber security principles, threat landscape and best practices.
- Strong understanding of the SFIs’ systems and the regulatory environment.
- Proficiency in cybersecurity risk assessment and management.
Behavioral skills
- Integrity
- Transparency and accountability
- Excellence
- Teamwork
- Analytical thinking and problem solving
- Interpersonal and stakeholder engagement
- Planning and organizing skills
- Innovativeness
PHYSICAL DEMANDS OF THE JOB:
- The job requires long hours of various system performance reviews and assessment to determine vulnerabilities.
- The job requires assessment of both CBs and NBFIs which is physically exhausting.