JOB PURPOSE
To independently plan and execute complex IT audits across infrastructure, applications, cybersecurity, and emerging technologies. This role requires strong IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization's IT risk posture.
PRINCIPAL ACCOUNTABILITIES
Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations
Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other
relevant legal or regulatory frameworks
Perform independent pre- and post-implementation reviews for major IT projects and system changes.
Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
Lead the development of the IT audit risk universe and contribute to the annual audit plan.
Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL
Stay informed on emerging IT risks, regulatory developments, and technology trends.
Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.
MINIMUM QUALIFICATIONS - KNOWLEDGE AND EXPERIENCE
Bachelor's in information systems, Computer Science, Cybersecurity, or related field.
6 - 8 years of experience in IT auditing or a combination of IT audit and technical roles.
Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
Certifications: CISA (Mandatory)
Mandatory cybersecurity certification: One of CISSP, CISM, or CRISC
Active membership in professional bodies such as ISACA or IIA.
SKILLS AND COMPETENCIES
In-depth knowledge of ITGCs, cybersecurity frameworks, and application/cloud environments
Familiarity with COBIT, NIST Cybersecurity Framework, ISO 27001, and COSO
Strong verbal and written communication skills, especially in reporting audit findings to non-technical audiences
Proven ability to independently lead audits and coach junior auditors
Experience auditing or working with cloud platforms
Familiarity with using data analytics tools in audit engagements