Assistant Manager - Information Systems Audit at Kenindia Assurance Company Limited

Main Purpose of the Job - (Job Summary)

As an Assistant Manager in Information Systems Audit, you will conduct internal audits related to information technology functions, processes, and technology applications supporting business operations. Responsibilities include risk analysis, control testing, and proposing process and control enhancements. Your role involves presenting detailed reports summarizing audit findings and recommendations to stakeholders, facilitating continuous improvement within the organization.

Main Responsibilities 

• Policy Alignment and Proactive IT Protection: Review company policies and procedures to ensure alignment with the strategic vision and proactive protection of IT assets, responding to evolving threats and regulatory requirements.
• Continuous Risk Assessments: Conduct continuous vulnerability and risk assessments of the information technology environment, covering general system controls, infrastructure controls, and application controls.
• Information Systems Controls Evaluation: Evaluate the functionality and documentation of information systems controls across all areas of the company's operations.
• Implementation Lifecycle Assessments: Evaluate the technical viability of projects involving new IT software and hardware during pre-implementation reviews. Additionally, conduct post-implementation reviews for newly installed information systems and system changes to ensure effectiveness and propose enhancements.
• Security Controls Assessment: Assess security controls on the company's information systems, covering Oracle databases, LAN, WAN, PABX, office automation software systems, and email solutions.
• Business Continuity and Disaster Recovery Controls Review: Review internal controls pertaining to Business Continuity and Disaster Recovery Plans.
• Ad Hoc Assignments and Forensic Investigations: Assist the Information Systems Audit Manager in conducting ad hoc assignments and forensic investigations.
• Follow-up Reviews: Conduct follow-up reviews of previous audit recommendations, reporting on the status of their implementation.
• Attend to any other relevant duties and responsibilities as assigned by the Information Systems Audit Manager.

Job Specifications

Relevant Experience

• At least 4 years of relevant experience

Academic Qualifications

• Bachelor’s degree in computer science, Information Technology, or related field from a recognized university

Professional Qualifications

• Certified Information Systems Auditor (CISA);
• Other Certifications such as CISM, CCNA, Oracle or equivalent are a plus
• Membership to a professional association  

Key Job Skills (specific to the job)

IS Audit Assistant Manager Job Description:

Position Overview:

The IS Audit Assistant Manager role requires a seasoned professional with a robust technical background to play a pivotal role in enhancing Information Systems (IS) audits. This position demands advanced technical expertise in information systems, and effective communication skills, reporting directly to the IS Audit Manager to ensure the execution of comprehensive IS audits.

Key Technical Competencies:

• Demonstrate exceptional proficiency in drafting clear, concise, and insightful audit reports. 
• Develop expertise in comprehensive audit documentation.
• Exhibit a proven ability to manage relationships with diverse stakeholders, ensuring effective communication, collaboration, and understanding of audit objectives and outcomes. 
• Possess in-depth knowledge of industry-standard security frameworks such as ISO 27001 and NIST, ensuring comprehensive alignment with security best practices.
• Proficiency in assessing and enhancing cybersecurity measures, including threat modeling, vulnerability assessments, and incident response planning.
• Exhibit advanced understanding of network security protocols and technologies, ensuring robust protection against evolving cyber threats. 
• Expertise in evaluating and enhancing security controls within cloud computing environments.
• In-depth understanding of data privacy regulations (e.g., Kenya Data Protection Act) and expertise in recommending controls to ensure compliance.
• Proven ability to identify, assess, and mitigate IT-related risks, incorporating risk management best practices into audit processes.
• Expertise in testing incident response plans, ensuring the organization is well-prepared to handle and recover from security incidents.
• Familiarity with a variety of auditing tools and techniques for assessing system controls, identifying vulnerabilities, and ensuring security measures.
• Stay current with emerging technologies and capability to assess their impact on information security and audit processes.
• Adept in IT governance principles and compliance frameworks, ensuring adherence to regulatory requirements and industry standards.
• Proficient in leveraging data analytics tools (e.g., CaseWare IDEA) for advanced audit procedures, enhancing efficiency and insight generation.
• Develop an understanding of secure software development practices, ensuring that applications are developed with security in mind.
• Develop an in-depth understanding of IT infrastructure components and configurations, ensuring comprehensive evaluations of system controls.
• Exhibit effective collaboration with IT teams to bridge technical and audit perspectives, ensuring a holistic approach to information security.
• Apply advanced auditing concepts and methodologies to ensure thorough and compliant audit processes.