Latest Jobs at the African Development Bank Group (AfDB)

Reference: ADB/21/041
Location: Abidjan, Cote d’Ivoire
Grade: EL4
Position N°: 50092339

The Department

• The Office of the Auditor General provides independent, objective Assurance and Consulting services designed to add value and improve the Bank’s operations. The audit department assists the Bank to accomplish its strategic objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. In this connection, the Office of the Auditor General is responsible for planning, organizing, directing and controlling a broad, comprehensive program of auditing and consulting/advisory services both internally and externally including, without limitation, all projects and programs of the Bank group.
• The Office provides all levels of management and the Board with periodic, independent and objective appraisals and audits of financial, accounting, operational, administrative and other activities, including identifying possible means of improving accountability, efficiency of operations and economy in the use of resources. The Office of the Auditor General also provides advisory and consulting services to the Bank complexes regarding management control and reports, policies and systems development and reviewing new products and services in the design stages.
• In this regard, the Audit Department will be encouraged to expand on, and operationalize proactive measures and practices which include outreach programs and work planning sessions with operating complexes and relevant departments in AfDB. The overriding goal is to shift emphases from post-mortems to positive and pre-emptive approaches which would proactively scan and identify areas of risk and concerns, and attempt to address challenges even before they manifest.

The Position

• The Internal Audit function is accountable for establishing and managing the independent, objective assurance, and consulting function which is designed to add value and improve AfDB’s operations. In compliance with internationally acceptable standards, the Auditor General’s scope of activities encompasses the following key themes:
  • Accountable for objectively reviewing AfDB’s business processes.
  • Evaluate the efficacy of risk management procedures that are currently in place.
  • Protect the Bank against fraud and theft of the assets.
  • Ensure that AfDB complies with relevant laws, statutes, as well as standards expected of an International Development Organization.
  • Make recommendations on how to improve internal controls and governance processes.
• The Auditor General directs and manages programs and activities of the entire Internal Audit Department. Therefore, this position requires extensive exposure and experience in established corporate and international environments. It demands a high level of equanimity and integrity, and the job holder must have been in senior leadership or management positions especially in international settings and/or in the private sector.
• The position also requires energy and an innate desire to resolve complex problems and issues. The incumbent will need to develop working relationships with all levels of the internal community – Vice Presidents, Directors, Managers, and Staff. The successful candidate will also need to be able to analyse and summarize issues succinctly, and in a language which all stakeholders understand and appreciate.
• This position formally and structurally reports to the President of the Bank. The position however has a dotted reporting relationship to the Board. The Auditor General’s reports are submitted directly to the Board. The incumbent is therefore answerable to the Board on these reports and findings.

Duties and Responsibilities
As a matter of general principle, the Internal Audit Department will be expected to conduct audits which include financial accounting/management and compliance issues. Under the overall supervision of the President, this position will be responsible for the following accountabilities:

• Define long, medium term, and annual audit objectives and goals.
• Manage a team of professional level and support staff in providing efficient and high-quality services that support the business. Set realistic performance goals and motivate team members to meet them, both for individual staff and for the team as whole. Manage Department staffing and resources to achieve the Bank’s and Department’s objectives.
• Develop a risk-based Long-Term Coverage plan (LTCP) in order to rationalize the allocation of audit resources by concentrating them on high business risk and significant areas of the Bank.
• Develop a flexible annual audit programme using appropriate risk-based methodology, including any risks or control concerns identified by management, and submit the programme to the President and the audit committee for review and approval.
• Provide independent, objective assurance and consulting services designed to add value and improve the Bank's operations.
• Determine whether the Bank's framework of risk management, control, and governance processes, as designed and implemented by management, is adequate and functioning by assessing the adequacy and effectiveness of the Bank's processes for controlling its activities and managing its risks.
• Oversee financial, operational, administrative and information technology audits, including without limitation, field verification of projects and programs financed by the Bank;
• Review the systems of internal controls maintained by the Bank to safeguard its financial and physical assets, verifying the existence of related assets and making recommendations to correct any weaknesses.
• Review the reliability, accuracy and integrity of significant financial and automated management information systems, ensuring that such systems employ essential controls which minimize the risk of unauthorized activity.
• Oversee the implementation of the annual audit plan, as approved, including, and as appropriate, any special tasks or assignments requested by the President and/or the Board; and, reporting periodically on the status and results of the annual audit plan as well as on the adequacy of the office resources.
• Oversee the performance of consulting, advisory and audit services, beyond internal auditing assurance services, to assist management in meeting its objectives; and, maintaining a quality assurance program by which the Auditor General assures that the internal auditing processes and procedures are in accordance with the standards. Build strong relationship management and understand the business needs to assist in developing practical and effective solutions.
• Oversee the evaluation and assessment of significant new or changing services, processes, operations, and controls relating to their development and implementation.
• Liaise with the external auditors as appropriate, for the purpose of providing optimal audit coverage to the Bank.
• Maintain an on-going system of monitoring the adequacy of the actions taken by management to implement internal and external audit recommendations and reporting on the status of implementation to the President and the Board.
• Develop the Annual Budget containing the requirements of the Department.
• Ensure that all final opinions and conclusions emanating from the department are of high and professional standards.
• Design and deliver outreach and training for identified focus groups of internal stakeholders on relevant topics and identified areas of emphases for the department.
• Reporting and recommendations - developing findings and audit recommendations that are soundly based, balanced and provide practical opportunities for improvement, delivering draft performance audit reports and promoting continuous improvement and innovation in performance audit practice and methodology.
• Stakeholder liaison and advice - liaising, negotiating and building effective relationships with external stakeholders, providing advice to internal and external senior employee, attending governing bodies report tabling and communicating audit findings to internal and external stakeholders.

Selection Criteria

• A minimum of a Master's degree in Business, Accounting, or a related field (concentration in internal auditing or graduate-level certificate in internal auditing will constitute an added advantage).
• He or she must have a minimum of 10 years’ relevant corporate experience in managing teams and business units relating to audit and process. In addition, s/he should have applied experience in advising the Board and senior management on internal audit challenges and issues.
• We expect the successful candidate to have achieved clearly defined and demonstrable results in the course of his or her career. S/he will also be expected to have demonstrated individual competence in leading and delivering on transformational initiatives in the field under consideration.
• The right candidate will have demonstrable skills and competence in relating to and communicating with small and large groups. Competence in written as well as in platform communication are essential.  Exposure to, and knowledge of cutting-edge trends and practices in corporate and international auditing are also important requirements.
• The ideal candidate must have the ability to inspire a sense of purpose and direction, focus strategically, harness information and opportunities and show judgement, intelligence and common sense.
• The candidate will be a dynamic and effective communicator, result-driven, and customer oriented. Analytical skills, and ability to work cross-functionally, and under pressure are essential prerequisites.
• Serve as a role model, leading by example, builds alignment and commitment to challenge staff. Maintain a high standard of professional integrity, treat individuals fairly and respectively and be sensitive to differences across culture, nationalities and gender.
• Member of a professional association or community of practice recognized at national, regional or international level.
• Ability to communicate and write effectively in French or English, with a good working knowledge of the other language.

go to method of application »

Reference: ADB / 21 / 042
Location: Abidjan, Cote d'Ivoire
Grade: PL1
Position N°: 50101122

The Complex

• The Vice-Presidency, Corporate Services and Human Resources (CHVP) ensures the delivery of efficient, people-centered, client-oriented, corporate services to ensure overall institutional effectiveness in all aspects of the Bank’s corporate services.
• The complex leads efforts to digitalize and transform the Bank into a knowledge-driven workforce, promote human resources policies that enhance talent, drive a performance -driven culture, and ensure the competitiveness of the Bank as the employer of choice. The complex ensures that all Human Resources and Corporate Services are re-aligned to drive greater corporate performance and execution of the Bank's strategic vision and priorities.
• The complex is responsible for providing leadership in the formulation and implementation of Bank’s strategies on people, IT, General services and institutional procurements, Language Services, business continuity and, health and safety strategies.

The Hiring Department / Division:

• The Head of Cyber Risk will create a new Unit within the Bank to provide expertise and assistance to ensure the Bank’s infrastructure and information assets are appropriately protected. The Cyber Risk Unit will be responsible for the safeguarding of all bank’s Information Communication Technology (ICT) assets across all platforms, locations, and stakeholders. The Cyber Risk Unit will be part of Bank’s ICT lifecycle management to provide secure ICT solutions to the Bank.
• The Cyber Risk Unit will lead and provide cyber security technology solutions at the Bank, such activities include but are not limited to Security Operation Center (SOC), Cyber Incident Response, Threat Intelligence, Zero-day attack and defence, cloud security, mobile security, data security and application security.
• The Cyber Risk Unit will focus on developing and driving information risk strategies, policies/standards, ensuring the effectiveness solutions, ensuring appropriate risk policies and procedures such as user log-on and authentication rules, security breach, escalation procedures, and security assessment procedures.
• The Cyber Risk Unit will enforce information security policies and procedures, monitor data security profiles on all platforms and investigate risk scenarios.

The Position
The objective of this position are to:

• Be responsible for the safeguarding of all Bank’s Information Communication Technology (ICT) assets across all platforms, locations and stakeholders. Additionally, the incumbent will play a central role in refining the broader information technology risk program across the bank and will be responsible for ensuring compliance of all third-party providers with the information security standards.
• Establish a complete vision for cybersecurity practices for the Bank and management of security policies, procedures, guidelines, and standards. This includes roadmaps for evolving the ICT security architecture, associated toolsets, security processes, etc.
• Lead Cyber Security innovation at the Bank and provide innovative ICT security solutions to address business and technology challenges
• Provide solutions to Bank’s ICT and business project team ensuring information and technology security requirements, including confidentiality, integrity, and availability are managed and the project objectives are achieved.
• Plan, execute, and manage multi-faceted projects related to cyber risk management, mitigation and response, compliance, control assurance, and user awareness.
• Update, maintain and document information controls and provide direct support to the Bank internal IT structures.
• Be responsible for leading and coordinating, articulating, and tracking actions related to developing and driving the implementation of a new Cyber Risk Unit ensuring effective cyber security risk management practices, risk based planning and engaging with business Departments on a wide range of cyber risk matters to achieve the overall business objectives of the Bank.
• Oversee activities as assigned, primarily within risk management, and lead technical projects across all technical areas to mitigate cyber risks.

Duties and Responsibilities
The areas of responsibility for the head of the unit are the following categories:

• Governance & strategy: Making sure all of the above initiatives run smoothly and get the funding they need — and that corporate leadership understands their importance
• Security operations: Real-time analysis of immediate threats, and triage when something goes wrong
• Cyber risk and cyber intelligence: Keeping abreast of developing security threats, and helping the board understand potential security problems that might arise from acquisitions or other big business moves
• Data loss and fraud prevention: Making sure internal staff doesn't misuse or steal data
• Security architecture: Planning, buying, and rolling out security hardware and software, and making sure IT and network infrastructure is designed with best security practices in mind
• Identity and access management: Ensuring that only authorized people have access to restricted data and systems
• Program management: Keeping ahead of security needs by implementing programs or projects that mitigate risks
• Investigations and forensics: Determining what went wrong in a breach, dealing with those responsible if they're internal, and planning to avoid repeats of the same crisis

The incumbent’s duties will include the following:

• Ownership of the information security compliance vision, strategy and assurance including:
  • Strategic planning for Cyber Security Risk Management at the Bank, including situation assessment, vision and mission, objectives, road maps for short, medium, and long terms.
  • Evaluation and interpretation for AFDB of industry best practices (NIST, ISO, SANS, COBIT, CERT) and compliance requirements (Legislative, Regulatory).
  • As appropriate - ownership, sponsorship, management, support and supervision of information security assessments, audits and ongoing monitoring.
  • Information security threat and vulnerability management, incident reporting, event management, event investigation and analysis.
  • Ownership of the information security project portfolio, including developing new or improved capabilities and addressing areas for needed remediation.
  • Overall stewardship and sponsorship for AfDB Enterprise IT Risk management strategy.
• Strategic planning, Risk management plan and actions:
  • Develop enterprise cyber security risk management strategy to address short term, medium term, and long term needs.
  • Design, develop and maintain Enterprise Information Security Architecture (EISA) by aligning business processes, IT software and hardware, local and wide area networks, people, operations, and projects with the organization’s overall security strategy
  • Perform external analysis of the organization (e.g., analysis of customers, competitors, markets and industry environment) and internal analysis (risk management, organizational capabilities, performance measurement etc.) and utilize them to align information security program with organization’s objectives
  • Identify and consult with key stakeholders to ensure understanding of organization’s objectives
  • Define a forward-looking, visionary and innovative strategic plan for the role of the information security program with clear goals, objectives and targets that support the operational needs of the organization
• Business Engagement:
  • Engage with business leaders on risk matters ranging from policy and governance to security risk operations.
  • Provide active expert level support to bank’s ICT and business project team to ensure on target, on time and on budget delivery of the projects to meet business needs.
  • AFDB has adopted a “Cloud first” strategy. Cloud-based platforms and software-as-a-service (“SaaS”) are widely used by IT and business units at the Bank. The incumbent will lead the unit to develop a cloud security strategy and be accountable for the implementation of the strategy.
  • Provide administrative and tracking actions to the Vice President CHVP, while interfacing with the Business Continuity Unit, the Physical Security Unit, the Information Technology Department, the Operational Risk Team and the Group Chief Risk Officer.
  • Lead and ensure coordination and consensus with other Bank teams to align processes and procedures to ensure a common approach to cyber risk management activities.
• Lead Cyber Security Technology innovation at the Bank and provider highest level expertise advisory services to the senior management
• Ensure all processes and access are in line with Bank policies.
• Support internal and external audits.
• Manage multiple projects with broad scope, ambiguity, and high degree of difficulty.
• Maintain an advanced knowledge of all cyber risk principles, technologies and elements.
• Understand the Bank global program structure, operations and support the High 5 strategy.

Selection Criteria

• Hold at least a Master's degree in Electrical Engineering, Systems Engineering, Computer Science, Computer Engineering, Information Technology, Management Information Systems, Security and Risk Management or related disciplines.
• 8+ years' work experience in relevant Information Security Risk position and 2+ years’ experience in a management role or a similar position or having equivalent skills and experience is highly desired. Practical experience with ISO 27000 is required. 3+ years’ experience in conducting or leading risk based information security assessments would be an added advantage.
• Expert level experience in two or more CISO domains  
• Mandatory Certifications in ICT security (unless demonstrate the same level of knowledge):
  • CISSP
  • CISM and/or CISA
• Desired Security Certifications and experience (one or more):
  • Certified Ethical Hacker
  • CCIE security
  • SANS cyber defence
  • Threat Intelligence
  • Kali penetration testing
• Structured project management experience in deploying cyber risk related initiatives.
• Broad experience in computer and network systems focused on IT and cyber risks.
• Experience leading teams.
• Knowledge of regulatory compliance, standards, and frameworks such as ISO, NIST, COBIT and PCI DSS.
• Proven understanding of information security risk assessment and risk management procedures and methodologies.
• Ability to correlate enterprise risk with appropriate administrative and technical security risk controls.
• Knowledge and experience with diverse architectures, large-scale transaction processing environments, external hosted services, and cloud computing environments.
• Functional understanding and knowledge of information technology risk principles, standards, and processes, such as authentication and access control, infrastructure hardening, network traffic analysis, endpoint security, platform architecture, application security, encryption and key management, cloud security, etc.).
• Working knowledge of all operating systems
• Dynamic and self-motivated to provide excellent services to the users
• Have excellent interpersonal skills coupled with a collaborative style
• Strong communication skills to enable effective engagement of team members and external providers.
• Conflict resolution skills
• Ability to advise senior management on complex systems development and related matters of significant importance to the institution; conceptual and strategic analytical capacity to understand information system and business operational issues so as to thoroughly analyze and evaluate critical systems matters.
• Demonstrable experience in improving processes and approaches; demonstrable adaptability to changing priorities.
• Keeps abreast of new developments in own occupation/ profession; good understanding of the new technology and industry trend.
• Excellent team spirit, communication skill, both verbal and writing
• Fluency in English and/or French with good working knowledge of other language.