Cybersecurity Review Analyst

JOB SUMMARY

Education and experience requiredBachelor’s degree in a Technology Business-related field or any other relevant discipline.Formal qualification or studying for: Cybersecurity, CEH, Digital Forensics, ITIL or any other related. Experience required1–2 years of experience in IT/ICT, Governance and Controls, or Risk Management.Strong understanding of cyber risk, control frameworks, and regulatory expectations in banking.Excellent analytical, communication, and stakeholder management skills.Knowledge & SkillsUnderstanding of cybersecurity control frameworks.Understanding of key risks faced by banks and core control of environmentFamiliarity with IT governance/ banks governance requirements and risk managementAbility to interpret audit logs and security reports.Controls Testing & Monitoring

RESPONSIBILITIES

Cybersecurity Control Reviews & Assurance - 30%Lead end-to-end reviews of cybersecurity controls across infrastructure, applications, and cloud environments.Evaluate effectiveness of technical and procedural controls against frameworksDevelop and maintain testing methodologies and review schedules.Provide assurance reporting to senior stakeholders.Review audit logs to identify anomalies and validate control effectiveness.Support activities of IT control owners to ensure compliance with internal policies, procedures, and external regulations.Identify thematic control issues within Cyber and recommend suitable solutions.Cyber Risk Assessment & Advisory - 20%Conduct cyber risk assessments for new systems, major changes, and third-party integrations.Advise project teams and business units on cyber risk mitigation strategies.Collaborate with Enterprise Risk and IT to embed cyber risk considerations into business processes.Undertake ad-hoc engagements, due diligence work, and demand initiatives as may be required.Vulnerability & Threat Management Oversight - 15%Review vulnerability scan results and threat intelligence reports.Track remediation of critical vulnerabilities and systemic issues. •Review and monitor privileged access management, recertification campaigns and identity governance across systemsEscalate unresolved risks and provide input into risk acceptance decisions.Provide assurance regarding the remediation of issues in Cyber and Technology.Regulatory & Audit Support - 10%Coordinate responses to internal and external audits, regulatory inspections, and compliance reviews.Facilitate and support internal IT security audits, pre-audit validations, and stakeholder engagements.Ensure audit findings are effectively managed, and remediation plans are executed and tracked for closure.Track and conduct pre-issue validations on AIA and regulatory observations for the business.Reporting & Metrics - 5