Manager - Information Systems Audit at Kenindia Assurance Company Limited

Main Purpose of the Job - (Job Summary)

As the Information Systems Audit Manager, you will lead and oversee the information systems audit function, ensuring the adequacy and effectiveness of system controls, safeguarding company data, and maintaining systems integrity. Your responsibilities include leading a team of auditors, planning and executing audits, and delivering comprehensive reports to senior management, contributing to the organization's overall security and operational efficiency.

Main Responsibilities 

• Leadership and Planning: Manage the IS Audit team and oversee the formulation and execution of the IS Audit plan.
• Information Systems Reviews: Lead reviews of the company's information systems, internal controls, and security measures, providing improvement recommendations.
• Controls Evaluation for New Systems: Review the adequacy and effectiveness of internal and security controls on new information systems and system changes, suggesting improvements.
• Audit Program Development: Develop detailed information systems audit programs based on documented procedures for each audit assignment.
• Comprehensive Audit Testing: Conduct comprehensive audit tests on automated systems, aligning with the Annual Audit Plan, and propose enhancements.
• Pre and Post-implementation Reviews: Conduct pre-implementation reviews for projects with new IT software and hardware, assessing technical viability, and recommending enhancements. Additionally, lead post-implementation reviews for newly installed information systems and system changes, providing improvement recommendations.
• Review internal controls related to Business Continuity and Disaster Recovery Plans, proposing enhancements.
• Detailed Reporting: Draft detailed reports, including findings, implications, and recommendations, and discuss them with senior management.
• Report Finalization and Approval: Finalize reports with findings, recommendations, and implementation schedules, seeking approval from the Chief Internal Auditor.
• Follow-up Review Management: Oversee and conduct follow-up reviews of previous audit recommendations, reporting on the status of their implementation.
•  IS Audit Plan Implementation: Ensure the implementation of the IS Audit Plan and provide periodic updates to the Chief Internal Auditor.
• Audit Program Review: Review audit programs developed by the IS Audit Assistant for completeness.
• Working Papers and Draft Report Review: Review audit working papers and draft reports prepared by the IS Audit Assistant.
• Talent Management: Manage talent within the IS Audit team, providing coaching, mentoring, development, motivation, training, and evaluations for staff members.

Job Specifications
Relevant Experience

• At least 6 years of relevant experience at Manager level

Academic Qualifications

• Bachelor’s degree in computer science, Information Technology, or related field from a recognized university
• Master’s Degree is an added advantage

Professional Qualifications

• Certified Information Systems Auditor (CISA); 
• Certified Information Security Manager (CISM) or Certified Information System Security Professional (CISSP)
• Certified Internal Auditor (CIA) is an added advantage.
• Membership to a professional association  

Key Job Skills (specific to the job)

IS Audit Manager Job Description:

Position Overview:

The IS Audit Manager role requires a seasoned professional with a robust technical background to oversee and execute comprehensive Information Systems (IS) audits. The successful candidate should possess advanced leadership capabilities and exceptional communication skills to articulate complex technical findings to diverse stakeholders.

Key Technical Competencies:

• Reporting and Audit Documentation: Exceptional proficiency in drafting clear, concise, and insightful audit reports. Expertise in comprehensive audit documentation practices to facilitate understanding and decision-making.
• Stakeholder Management: Proven ability to manage relationships with diverse stakeholders. Ensure effective communication, collaboration, and understanding of audit objectives and outcomes.
• In-depth knowledge of industry-standard security frameworks such as ISO 27001, and NIST, ensuring comprehensive alignment with security best practices.
• Proficient in assessing and enhancing cybersecurity measures, including threat modeling, vulnerability assessments, and incident response planning.
• Advanced understanding of network security protocols and technologies, ensuring robust protection against evolving cyber threats.
• Expertise in evaluating and enhancing security controls within cloud computing environments.
• In-depth understanding of data privacy regulations (e.g., Kenya Data Protection Act) and expertise in recommending controls to ensure compliance.
• Proven ability to identify, assess, and mitigate IT-related risks, incorporating risk management best practices into audit processes.
• Expertise in testing incident response plans, ensuring the organization is well-prepared to handle and recover from security incidents.
• Familiarity with a variety of auditing tools and techniques for assessing system controls, identifying vulnerabilities, and ensuring security measures.
• Stay current with emerging technologies and capability to assess their impact on information security and audit processes.
• Adept in IT governance principles and compliance frameworks, ensuring adherence to regulatory requirements and industry standards.
• Proficient in leveraging data analytics tools (e.g., CaseWare IDEA) for advanced audit procedures, enhancing efficiency and insight generation.
• Understanding of secure software development practices, ensuring that applications are developed with security in mind.
• Stay informed about changes in relevant regulations and compliance requirements, adapting audit processes accordingly.
• In-depth understanding of IT infrastructure components and configurations, ensuring comprehensive evaluations of system controls.
• Effective collaboration with IT teams to bridge technical and audit perspectives, ensuring a holistic approach to information security.
• Application of advanced auditing concepts and methodologies to ensure thorough and compliant audit processes.