To assess, monitor, and enforce compliance with IT governance, cybersecurity, and digital banking risk management standards in Commercial Banks and Non-Bank Financial Institutions. The role ensures that financial institutions maintain secure, resilient, and compliant technology environments to safeguard the stability of the financial system and protect customer data. This includes conducting regular inspections, identifying potential vulnerabilities, and recommending enhancements to mitigate IT and Cyber threats.

8. DUTIES AND RESPONSIBILITIES:

1. Examination and Assessment

• Conduct onsite andoffsite IT and Cyber examinations of financial institutions.
• Evaluate IT governancestructures, cybersecurity frameworks and resilience against operational disruptions.
• Review core banking systems,payment platforms and emerging digital banking channels.
• Assess the adequacyIT General Controls (ITGCs), application controls, and disaster recovery/business continuity plans.

1. Risk & Compliance Review

• Evaluate banks’ compliance with regulatoryrequirements, including BOU guidelines, Basel III operational risk standards and data protection regulations.
• Assess implementation of cybersecurity frameworks (ISO 27001, NIST CSF, CIS Controls).
• Identify and report deficiencies,systemic risks, and non-compliance issues.

1. Incident Response Oversight

• Regularly monitor banks’ responsesto major IT or cybersecurity incidents.
• Assess incident root cause analysis, remediation actions, and communication to stakeholders.
• Recommend improvements banks’ incident detection and response capabilities.

1. Reporting & Enforcement

• Prepare clear and conciseexamination reports with findings, risks, and regulatory
• Present examination outcomes at bothEXCO and Board exit meetings.
• Recommend enforcementactions for non-compliance, including sanctions where necessary.

1. Policy Development & Advisory

• Contribute to the development andupdating of IT and Cyber supervisory policies.
• Provide technical advisoryto other examiners and bank supervision teams on IT risk trends.

1. Continuous Improvement & Training

• Stay updated on emerging threats, technologiesand international best practices in banking cybersecurity.
• Carry out regular training of team membersand participate/conduct annual training session to provide guidance to SFIs Board members and Executive management to improve their cybersecurity practices and compliance with regulations.
• Mentor other examinersand deliver training to enhance examination capabilities.

1. Stakeholder collaboration

• Work closely with SFIs, other regulatory bodies and cybersecurity experts to enhance the overall cybersecurity framework.

9.  EXPECTED OUTPUTS/DELIVERABLES

• IT and Cybersecurity institutional and sector wide risk profile
• IT and Cyber Security inspection Reports
• Proposed Cyber and Technology guidelines.
• Incident reports and remediation actions.
• Draft collaboration reports, which document collaboration with other regulatory authorities, stakeholder feedback reports and cybersecurity experts.
• Quarterly and Annual sector wide IT and cybersecurity report.

10.     PERSON SPECIFICATION
11. Minimum Qualifications

• First Class or Second Class Upper Bachelor’s degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Computer Engineering or a closely related field.
• Possession of at least one of the certifications as; a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified in Risk and Information Systems Control (CRISC) with ISO 27001 Lead Auditor or CompTIA Security+ is mandatory.
• A master’s degree in any of the aforementioned fields is an added advantage.

1. Experience

• Minimum 5 years of relevant work experience in IT audit, cybersecurity, or risk management, preferably in a Financial Institution or Audit Firm.
• Familiarity with national and international cybersecurity standards such as NIST, ISO 27001 among others.

1. Age

• 0 to 37.0 Years

1. Competencies 

    Technical skills

• Excellent Report writing skills
• In-depth knowledge of cyber security principles, threat landscape and best practices.
• Strong understanding of the SFIs systems and the regulatory environment.
• Proficiency in cybersecurity risk assessment and management.

    Behavioral skills

• Integrity
• Transparencyand accountability
• Excellence
• Teamwork
• Analytical thinkingand problem solving
• Interpersonaland stakeholder engagement
• Planningand organizing skills
• Innovativeness