
  • Posted: Nov 8, 2025
    Deadline: Not specified
  • Equity Bank Limited (The “Bank”) is incorporated, registered under the Kenyan Companies Act Cap 486 and domiciled in Kenya. The address of the Bank’s registered office is 9th Floor, Equity Centre, P.O. Box 75104 - 00200 Nairobi. The Bank is licensed under the Kenya Banking Act (Chapter 488), and continues to offer retail banking, microfinance and relat...

    Group IT Governance Audit & Assurance

    Role Purpose:

    To lead the Group’s IT Governance, Audit & Assurance Framework, providing strategic and operational oversight to ensure effective IT control, compliance, and assurance practices across the Group.
    The role ensures that the IT environment operates within acceptable risk tolerance levels, that governance structures are robust and efficient, and that IT aligns with business and regulatory objectives as defined by COBIT 2019, ISO 38500, ITIL4, ISO 27001, ISO 20000, SWIFT and Central Bank Guidelines across the Group as per ICT Guidelines.

    Role Responsibilities:

    IT Governance Framework Development & Oversight

    • Develop, implement, and maintain the Group IT Governance Framework.
    • Ensure alignment with COBIT 2019 domains: Evaluate, Direct, and Monitor (EDM) and Align, Plan, and Organize (APO).
    • Define governance processes for IT performance, value delivery, and risk optimization.
    • Maintain a central IT Control Library, linking all control activities to risks and assurance domains.
    • Lead governance maturity assessments and coordinate improvement roadmaps.
    • Champion policy harmonization and standardization across subsidiaries.

    IT Assurance and Audit Management

    • Develop and manage the annual IT assurance and control testing plan.
    • Coordinate internal, external, and regulatory audits, ensuring readiness and timely closure of findings.
    • Conduct independent assurance reviews in key domains:
      • IT General Controls (ITGCs)
      • Change & Release Management
      • Cybersecurity and Data Protection
      • Cloud & Third-Party Service Governance
      • Disaster Recovery & Business Continuity
    • Maintain an automated Audit & Assurance Tracker with status dashboards.
    • Prepare independent assurance reports for the CIO, Risk, and Audit Committees.

    IT Risk & Compliance Integration

    • Integrate IT assurance into the Enterprise Risk Management (ERM) framework.
    • Coordinate RCSAs and challenge first-line risk evaluations.
    • Partner with IT Risk, Compliance, and Cybersecurity to assess control design and effectiveness.
    • Ensure compliance with CBK, PCI DSS, GDPR, and ISO standards.
    • Support risk-based decision-making through accurate control insights.

    Policy, Standards & Governance Controls

    • Govern the lifecycle of Group IT policies and standards, ensuring they remain current and effective.
    • Define policy exception, approval, and waiver processes.
    • Ensure consistent adoption across subsidiaries through training and governance forums.
    • Map policies to control frameworks (COBIT, ISO, NIST).

    Governance Reporting & Continuous Improvement

    • Develop dashboards and reports for senior management and Board-level committees.
    • Track control maturity progression, audit closures, and risk trends.
    • Benchmark practices against global IT governance maturity models.
    • Embed automation and analytics in governance reporting.
    • Lead continuous improvement and lessons-learned reviews after each audit cycle.

    Qualifications

    Role Qualifications:

    • Bachelor’s degree in Computer Science, Information Systems, Information Technology, Engineering, or a related field.
    • Previous experience in a similar role – at least 5-7 years.
    • Holds relevant professional certificates: CISA, CGEIT, CRISC, COBIT 2019 Design & Implementation, ISO 27001 Lead Auditor / Implementer, CISM, ITIL4 Foundation or Intermediate, PMP or PRINCE2 Practitioner (advantageous).
    • Has experience creating quarterly IT Governance Reports for Risk and Audit Committees.
    • Has been involved in creating the Annual Control Effectiveness and Maturity Scorecard.
    • Has experience working on the Governance Policy Review and Awareness Reports.

    Method of Application

    Interested and qualified? Go to Equity Bank Kenya on equitybank.taleo.net to apply
