ABSA

Cybersecurity Review Analyst

Bishops Gate Full time

Empowering Africa’s tomorrow, together…one story at a time.

With over 100 years of rich history and strongly positioned as a local bank with regional and international expertise, a career with our family offers the opportunity to be part of this exciting growth journey, to reset our future and shape our destiny as a proudly African group.

My Career Development Portal: Wherever you are in your career, we are here for you. Design your future. Discover leading-edge guidance, tools and support to unlock your potential. You are Absa. You are possibility.

Job Summary

The Cybersecurity Review Analyst role exists to ensure the bank maintains a strong cybersecurity posture by leading and coordinating control reviews, assurance activities, and risk assessments across its technology landscape. This role ensures compliance with internal policies and regulatory requirements, identifies control gaps, and provides actionable insights to enhance cyber governance, risk management, and issue remediation. Operating within the First Line of Defence (FLOD), the analyst supports the robustness of cyber risk governance in alignment with the Enterprise Risk Management Framework and contributes to the bank’s combined assurance approach. The role involves conducting independent assurance engagements, supporting internal audit and regulatory reviews, and promoting continuous improvement across Cyber and Technology functions.

The role holder will undertake assurance engagements with limited supervision, reporting directly to the Information Systems Risk & Control Lead, and will engage senior stakeholders to strengthen the control environment through workshops, reviews, and strategic input.

The role holder will be responsible for the following:

Planning and executing end-to-end cybersecurity risk and control reviews across the bank’s technology landscape.
Conducting risk assessments and issue validations to support internal audit and regulatory engagements.
Supporting cybersecurity governance, including monitoring emerging threats, managing privileged access, recertification campaigns and supporting the implementation of security frameworks and awareness programs.
Identifying and reporting control gaps and providing recommendations for remediation and improvement.
Supporting ad-hoc assurance tasks and contributing to the bank’s combined assurance efforts.
Tracking, monitoring, and ensuring timely remediation of significant control and material issues.
Facilitating workshops and stakeholder engagements to promote control awareness and cyber risk governance.
Providing assurance on the effectiveness of the cybersecurity control environment using FLOD methodology.
Collaborating with Cyber and Technology teams to drive continuous improvement in control practices.
Reporting findings and insights to senior management and relevant governance forums.

Job Description

    Key Accountabilities

    Cybersecurity Control Reviews & Assurance - 30%

    • Lead end-to-end reviews of cybersecurity controls across infrastructure, applications, and cloud environments.
    • Evaluate effectiveness of technical and procedural controls against frameworks.
    • Develop and maintain testing methodologies and review schedules.
    • Provide assurance reporting to senior stakeholders.
    • Review audit logs to identify anomalies and validate control effectiveness.
    • Support activities of IT control owners to ensure compliance with internal policies, procedures, and external regulations.
    • Identify thematic control issues within Cyber and recommend suitable solutions.

    Cyber Risk Assessment & Advisory - 20%

    • Conduct cyber risk assessments for new systems, major changes, and third-party integrations.
    • Advise project teams and business units on cyber risk mitigation strategies.
    • Collaborate with Enterprise Risk and IT to embed cyber risk considerations into business processes.
    • Undertake ad-hoc engagements, due diligence work, and demand initiatives as may be required.

    Vulnerability & Threat Management Oversight - 15%

    • Review vulnerability scan results and threat intelligence reports.
    • Track remediation of critical vulnerabilities and systemic issues.
    • Review and monitor privileged access management, recertification campaigns and identity governance across systems.
    • Escalate unresolved risks and provide input into risk acceptance decisions.
    • Provide assurance regarding the remediation of issues in Cyber and Technology.

    Regulatory & Audit Support - 10%

    • Coordinate responses to internal and external audits, regulatory inspections, and compliance reviews.
    • Facilitate and support internal IT security audits, pre-audit validations, and stakeholder engagements.
    • Ensure audit findings are effectively managed, and remediation plans are executed and tracked for closure.
    • Track and conduct pre-issue validations on AIA and regulatory observations for the business.

    Reporting & Metrics - 5%

    • Develop dashboards and reports on cyber control effectiveness, risk posture, and review outcomes.
    • Present findings to governance forums and risk committees.
    • Track key performance indicators (KPIs) and key risk indicators (KRIs).
    • Ensure effective tracking, monitoring, and closure of issue findings arising from ad-hoc reviews.

    Stakeholder Engagement & Collaboration - 10%

    • Liaise with IT, Risk, Compliance, and Business Units to drive cyber control improvements.
    • Participate in cross-functional working groups and incident response simulations.
    • Support awareness and training initiatives for control owners.
    • Attend and enhance business control meetings to ensure significant control and material issues are managed effectively and efficiently across the cyber support business.
    • Undertake control awareness sessions on control management for identified officials across Cyber.

    Continuous Improvement & Innovation - 5%

    • Identify opportunities to automate or enhance review processes using tools and analytics.
    • Stay abreast of emerging threats, technologies, and regulatory developments.
    • Contribute to the evolution of the cyber assurance framework.
    • Identify operational issues and implement modifications and/or upgrades to increase cyber resilience.

    Team Participation (Self-Development) - 5%

    • Contribute fully to the team effort.
    • Facilitate coaching / training of team members in areas of specialist knowledge, or allocated areas of common interest.
    • Share knowledge, information, ideas and assist in the training of less experienced colleagues.
    • Consistently equip oneself with relevant knowledge to the role.

    Education and experience required

    • Bachelor’s degree in a Technology Business-related field or any other relevant discipline.
    • Formal qualification or studying for: Cybersecurity, CEH, Digital Forensics, ITIL or any other related.

    Experience required

    • 1–2 years of experience in IT/ICT, Governance and Controls, or Risk Management.
    • Strong understanding of cyber risk, control frameworks, and regulatory expectations in banking.
    • Excellent analytical, communication, and stakeholder management skills.

    Knowledge & Skills

    • Understanding of cybersecurity control frameworks.
    • Understanding of key risks faced by banks and the core control environment.
    • Familiarity with IT governance / bank governance requirements and risk management.
    • Ability to interpret audit logs and security reports.
    • Controls Testing & Monitoring

    ***Application Deadline – 5 January 2026***

    Absa Bank Kenya is an equal opportunity, affirmative action employer. Preference will be given to suitable candidates from designated groups whose appointments will contribute towards achievement of equitable demographic representation of our workforce profile and add to the diversity of the Bank.

    Education

    Further Education and Training Certificate (FETC): Physical, Mathematical, Computer and Life Sciences (Required)