Senior Internal Auditor II ) (Information Systems Auditor) at Technical University of Mombasa

Professional Requirement

• Must possess a Master degree in Accounting/Finance/Computer Science/ Information Technology or a relevant field from an accredited/recognized institution;
• Must possess CPA Part II or equivalent;
• Must possess at least three (3) years relevant experience as an Information Systems Auditor at Grade 11N OR comparable duties and responsibilities.
• Must be a Certified Information Systems Auditor (CISA).

OR

• Must possess a Bachelor degree in Accounting/Finance/Computer Science/ Information Technology or related field from an accredited/recognized institution;
• Must possess CPA (K) or equivalent;
• Must possess at least three (3) years relevant experience as an Information Systems Auditor at Grade 11N OR comparable duties and responsibilities.
• Must be a Certified Information Systems Auditor (CISA).

 Duties and Responsibilities

• Design and implement comprehensive annual audit programs encompassing both financial and information systems reviews.
• Oversee the audit schedule to ensure assignments are completed on time and in    accordance with plan.
• Evaluate the design and operating effectiveness of internal controls to support business objectives.
• Conduct risk-based audit engagements, identify control deficiencies, and propose actionable enhancements.
• Verify compliance with applicable legislation, regulatory requirements, internal policies, and professional auditing standards.
• Continuously refine audit methodologies to reflect changes in best practices and regulatory mandates.
• Assess the robustness of controls within IT environments—including cybersecurity measures, data-protection protocols, and change-management processes.
•   Review and advise on IT governance policies, procedures, and third-party  agreements.
• Perform vulnerability assessments and penetration testing, and evaluate incident-   response preparedness.
• Monitor emerging information-systems risks, offering expert guidance on mitigation strategies.
• Provide support during security incident investigations and contribute to threat-response initiatives.
• Stay abreast of developments in audit methodologies, information-systems technologies, and cybersecurity trends.
• Draft and present clear, concise audit reports—highlighting findings, recommendations, and remediation plans—to management and key stakeholders.
• Track the implementation of agreed-upon remedial actions to ensure effective  resolution.
• Prepare detailed documentation for presentation to the Board Audit Committee.
• Support the enterprise risk-management function by providing tec