Role Overview
The Senior Information System Auditor is responsible for independently planning and executing complex IT audits across the organization's infrastructure, applications, cybersecurity, and emerging technologies. This role requires robust IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization’s IT risk posture.
Principal Accountabilities
- Audit Delivery: Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations.
- Regulatory Compliance: Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks.
- Project Reviews: Perform independent pre- and post-implementation reviews for major IT projects and system changes.
- Third-Party Audits: Audit third-party service providers, outsourced IT services, and cloud-based environments, focusing on cybersecurity, data protection, and regulatory compliance.
- Strategy & Planning: Lead the development of the IT audit risk universe and contribute to the annual audit plan.
- Risk Assessment: Identify and assess IT and cybersecurity risks, recommending practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL.
- Continuous Improvement: Stay informed on emerging IT risks, regulatory developments, and technology trends.
- Reporting: Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.
Requirements and Qualifications
- Education: Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field.
- Experience: 6–8 years of experience in IT auditing or a combination of IT audit and technical roles.
- Cybersecurity Expertise: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
- Core Certification: Certified Information Systems Auditor (CISA) is mandatory.
- Specialized Certification: One of CISSP, CISM, or CRISC is mandatory.
- Professional Affiliation: Active membership in professional bodies such as ISACA or IIA.
How to Apply
Interested and qualified candidates should apply online through the Kenindia Assurance recruitment portal by clicking the apply button or visiting kenindiahr.peopleshr.com.
