JOB PURPOSE

To independently plan and execute complex IT audits across infrastructure, applications, cybersecurity, and emerging technologies. This role requires strong IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization’s IT risk posture.

PRINCIPAL ACCOUNTABILITIES

• Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations
• Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks
• Perform independent pre- and post-implementation reviews for major IT projects and system changes.
• Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
• Lead the development of the IT audit risk universe and contribute to the annual audit plan.
• Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL
• Stay informed on emerging IT risks, regulatory developments, and technology trends.
• Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.

MINIMUM QUALIFICATIONS - KNOWLEDGE AND EXPERIENCE

• Bachelor’s in information systems, Computer Science, Cybersecurity, or related field.
• 6–8 years of experience in IT auditing or a combination of IT audit and technical roles.
• Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
• Certifications: CISA (Mandatory)
• Mandatory cybersecurity certification: One of CISSP, CISM, or CRISC
• Active membership in professional bodies such as ISACA or IIA.

SKILLS AND COMPETENCIES

• In-depth knowledge of ITGCs, cybersecurity frameworks, and application/cloud environments
• Familiarity with COBIT, NIST Cybersecurity Framework, ISO 27001, and COSO
• Strong verbal and written communication skills, especially in reporting audit findings to non-technical audiences
• Proven ability to independently lead audits and coach junior auditors
• Experience auditing or working with cloud platforms
• Familiarity with using data analytics tools in audit engagements

• Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations
• Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks
• Perform independent pre- and post-implementation reviews for major IT projects and system changes.
• Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
• Lead the development of the IT audit risk universe and contribute to the annual audit plan.
• Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL
• Stay informed on emerging IT risks, regulatory developments, and technology trends.
• Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.

• In-depth knowledge of ITGCs, cybersecurity frameworks, and application/cloud environments
• Familiarity with COBIT, NIST Cybersecurity Framework, ISO 27001, and COSO
• Strong verbal and written communication skills, especially in reporting audit findings to non-technical audiences
• Proven ability to independently lead audits and coach junior auditors
• Experience auditing or working with cloud platforms
• Familiarity with using data analytics tools in audit engagements

• Bachelor’s in information systems, Computer Science, Cybersecurity, or related field.
• 6–8 years of experience in IT auditing or a combination of IT audit and technical roles.
• Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
• Certifications: CISA (Mandatory)
• Mandatory cybersecurity certification: One of CISSP, CISM, or CRISC
• Active membership in professional bodies such as ISACA or IIA.