Senior Information System Auditor at Kenindia Assurance Company Limited

JOB PURPOSE

• To independently plan and execute complex IT audits across infrastructure, applications, cybersecurity, and emerging technologies. This role requires strong IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization’s IT risk posture.

PRINCIPAL ACCOUNTABILITIES

• Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations
• Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks
• Perform independent pre- and post-implementation reviews for major IT projects and system changes.
• Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
• Lead the development of the IT audit risk universe and contribute to the annual audit plan.
• Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL
• Stay informed on emerging IT risks, regulatory developments, and technology trends.
• Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.

MINIMUM QUALIFICATIONS - KNOWLEDGE AND EXPERIENCE

• Bachelor’s in information systems, Computer Science, Cybersecurity, or related field.
• 6–8 years of experience in IT auditing or a combination of IT audit and technical roles.
• Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
• Certifications: CISA (Mandatory)
• Mandatory cybersecurity certification: One of CISSP, CISM, or CRISC
• Active membership in professional bodies such as ISACA or IIA