Senior Auditor Cyber

Requisition Details

REQ 144217 Thembi Mtshali

Location: Johannesburg

Closing Date: 24 February 2026

Job Family

Risk, Audit and Compliance

Career Stream

Auditing

Leadership Pipeline

Manage Self Professional

Job Purpose

•    The purpose of GIA is to provide independent, objective assurance to the Nedbank Group Limited Board of Directors via the Group Audit Committee (GAC) that the governance processes, management of risk and systems of internal control are adequate and effective to mitigate the risks (in line with GIA Methodology), both current and emerging, that threaten the achievement of the Group’s strategy and key objectives, and in so doing help improve the internal control and risk culture of the Group.  
•    GIA receives its authority from the GAC, which is a committee of the Board of Nedbank Group Limited established to, among other things, review the work of Internal Audit of Nedbank Group Limited and its subsidiaries (the "Group").

Job Responsibilities

The Senior Auditor – Cyber, in the discharge of his / her duties, shall be responsible, inter alia, to the Nedbank Group CIA / Portfolio Executives / Senior Audit Manager to: 
•    Support the periodic assessments of the outcomes of internal audit work to appropriate governing bodies, including the GAC, Board Risk Committee, Executive IT Committee (EITCO), Cyber Resilience Committee (CyRC) and Group IT Committee (GITCO); 
•    Report on the overall effectiveness of the governance, risk and internal control framework of the Group; 
•    Comply with regulatory and corporate governance expectations of the internal audit functions;
•    Report significant Cyber issues related to the processes for controlling the activities of the Group, including potential improvements to those processes; 
•    Report periodically on the progress of the Cyber audit plan delivery; 
•    Have in place a robust process to follow-up on management’s agreed actions to address Cyber issues raised by GIA; 
•    Responsible for the delivery and measurable performance of their respective Cyber portfolio, including audit plan delivery;
•    Apply judgement to provide an overall audit opinion on the Cyber system of internal controls of the Group;
•    Provide insights from the outcomes of internal Cyber audit work to appropriate governing bodies;
•    Maintain an open and constructive relationship as a Trusted Advisor with senior internal and external stakeholders including External Audit, Business Executives and other GIA Heads of Audit;
•    Implement effective and efficient audit processes to ensure that audit processes are optimized and comply with the relevant governance expectations of internal audit functions;
•    Develop and maintain relationships with business and key stakeholders to ensure robustness and completeness of audit coverage and contribute at an insight generator / trusted advisor to business to enhance assurance provided over the control environment;
•    Contribute to the development of a 12-month rolling audit plan (including Cyber) using a risk-based methodology, taking into consideration specific business strategic focus areas, regulatory requirements pertaining to internal audit, as well as including any risks or control concerns identified by management, the GAC and the Board; 
•    Deliver and report on the rolling Cyber risk-based internal audit plan; 
•    Robust follow-up processes to follow-up and report on management’s progress in implementing agreed actions to address Cyber issues identified by GIA; and 
•    Maintain an open and constructive relationship with the CIA, Business executives, and key stakeholders (including GIA Executives and Heads of Audit) by providing value added services and sharing information. 

Job Responsibilities Continue

4.    PROVIDE VISIONARY AND INSPIRATIONAL LEADERSHIP

•    Implement the vision and strategy including the leadership and culture philosophy, stakeholder approach and internal methods and tools. This should include alignment to the Nedbank and Business Unit strategy;
•    Exhibit diverse and visionary qualities - promoting a globally competitive financial sector;
•    Actively participate in the Group’s Combined Assurance Model;    
•    Build a high-performance team through managing resources, retention and critical staff;
•    Manage performance of reports and hold them accountable for managing the performance of their reports by taking corrective action as required, recognising and rewarding the team;
•    Actively build a culture of improvement by ensuring the design and implementing active talent management, succession planning strategies for division and obtaining buy-in from relevant stakeholders; 
•    Optimise performance and motivation by holding managers and auditors accountable for developing their staff and themselves;
•    Empower team to make decisions and recommend tailored solutions to business unit specific problems, through coaching and mentoring practices; 
•    Facilitate engagement and information sharing sessions amongst peers. Synergies across clusters and business units achieved;
•    Take ownership and accountability for tasks and activities and demonstrate effective self-management;
•    Follow through to ensure that quality and productivity standards of own work and team are consistently and accurately maintained;
•    Support and drive the business's core values;
•    Respond openly and constructively to feedback (positive and negative);
•    Be a vision-led and values-driven leader; and
•    Embodiment of the following characteristics:

Essential Qualification

•    Minimum required qualification: Information and Cyber or related degree; 
•    CISA; CISSP; CISM; CCSP; CRISC (or another relevant IT Qualification

Minimum Experience Level

The following minimum experience is required:
•    4 – 8 years Cyber Security experience in a senior position.
•    Cyber security, Security resilience and posture, Data Privacy, Information, Network, Infrastructure, Third-Party security, Application, Endpoint, Cloud and on-prem security. 
•    Ability to operate independently; 
•    Understanding and experience in auditing cyber; and
•    Leadership experience leading teams (assignment based, you will be required to manage peers and auditors within the GIA environment.).

The following additional experience is preferred:
•    Cyber security experience in a Banking institute or financial services
•    Significant technical knowledge (i.e. Network Architecture, Database, Operating Systems, Mainframe, System Configurations, Online Banking and Mobile Apps, Data, & IT, etc.), and its supporting processes.

Types of Exposures

Risk Optimiser
•    Understanding that risk is at the centre of everything in banking
•    Developing the appropriate risk appetite
•    Managing risk without stifling innovation 
•    Being sensible about risk
Client Centric Advocate
•    Placing the client at the centre of everything you do
•    Being relationship focussed (as opposed to product or mono-line focussed) 
•    Collaborating with colleagues across organisational boundaries
Execution Expert
•    Having a bias for action
•    Focussing efforts on execution and implementation
•    Practicing decisive leadership
•    Simplifying things
Strategist
•    Being a strategic thinker
•    Being a strategic translator
•    Being a strategic doer 
•    Facilitating strategic dialogue

Technical / Professional Knowledge

Behavioural Competencies