Head of Internal Audit: Cyber Security at Absa Group Limited (Absa)

Job Summary

• An exciting opportunity has become available for an experienced Cyber Security Audit Executive to join Absa’s Group Internal Audit as Head of Audit: Cyber Security.
• The role is responsible for leading the delivery of independent, objective, and risk-based assurance over the Group’s cyber security and information security risk management capability. The successful incumbent will manage the cyber audit portfolio, lead a team of specialist auditors, and provide insightful assurance.

Job Description

Key Accountabilities

• Lead and deliver the Cyber & Information Security audit portfolio in line with the approved risk‑based audit plan and Internal Audit methodology.
• Plan, scope, execute, and report on cyber and information security audits, providing clear conclusions on control effectiveness and residual risk.
• Provide assurance over the effectiveness of cyber governance, risk management, and key security controls across the organisation.
• Identify and communicate thematic and systemic cyber risks, emerging threats, and control weaknesses to senior management and governance forums.
• Engage senior stakeholders as a trusted assurance partner while maintaining independence and objectivity.
• Lead, coach, and develop a team of cyber and technology auditors, driving consistent quality and professional judgement.
• Ensure all audit work is conducted in line with the Internal Audit Charter, professional standards, legislation and quality expectations.

Typical Areas of Audit Coverage

• Cyber and information security governance and risk management capability
• Identity and access management, including privileged access
• Vulnerability management, patching, and secure configuration
• Security monitoring, logging, detection, and response
• Cyber security tooling adoption and operational effectiveness
• Third‑party and supplier cyber risk oversight
• Secure design and change controls for new solutions and major system changes
• Data protection and endpoint security controls
• Cyber awareness and training programmes
• Artificial Intelligence adoption

​​​​​​​Education and Experience Required

• Bachelor’s degree in Technology, Computer Science, Information Systems, Accounting, or a related field.
• 10+ years’ experience in Internal Audit, Technology Risk, and Cyber Security assurance, including experience leading cyber or technology audit portfolios.
• Proven people leadership experience within an assurance or risk environment.

​​​​​​​Professional Certifications (Preferred)

• CISA (essential or strongly preferred)
• One or more of: CISSP, CISM, CRISC, CCSP
• Cloud certifications (Azure / AWS) advantageous

​​​​​​​Skills and Competencies

• Strong understanding of cyber security risks, controls, and assurance practices
• Risk‑based audit planning and sound professional judgement
• Ability to translate complex technical issues into clear business and risk impact
• Executive‑level communication and stakeholder engagement
• High ethical standards, independence, and integrity

Education

• Postgraduate Degrees and Professional Qualifications: Financial Sciences (Required), Postgraduate Degrees and Professional Qualifications: Statistics (Required)

End Date: March 7, 2026