The Senior Information System Auditor is responsible for independently planning and executing complex IT audits across infrastructure, applications, cybersecurity, and emerging technologies. This role requires strong IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization’s IT risk posture.
Principal Accountabilities
- Audit Leadership: Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations.
- Compliance Assessment: Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks.
- System Reviews: Perform independent pre- and post-implementation reviews for major IT projects and system changes.
- Third-Party Audits: Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
- Risk Management: Lead the development of the IT audit risk universe and contribute to the annual audit plan.
- Framework Alignment: Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL.
- Trend Monitoring: Stay informed on emerging IT risks, regulatory developments, and technology trends.
- Reporting: Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.
Minimum Qualifications, Knowledge and Experience
- Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field.
- 6–8 years of experience in IT auditing or a combination of IT audit and technical roles.
- Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
- Certifications: CISA (Mandatory).
- Mandatory Cybersecurity Certification: One of CISSP, CISM, or CRISC.
- Active membership in professional bodies such as ISACA or IIA.
Skills and Competencies
- In-depth knowledge of ITGCs, cybersecurity frameworks, and application/cloud environments.
- Familiarity with COBIT, NIST Cybersecurity Framework, ISO 27001, and COSO.
- Strong verbal and written communication skills, especially in reporting audit findings to non-technical audiences.
- Proven ability to independently lead audits and coach junior auditors.
- Experience auditing or working with cloud platforms.
- Familiarity with using data analytics tools in audit engagements.
How to Apply
To apply, send your curriculum vitae (CV) and cover letter to recruitment@kenindia.com, quoting the job title in the subject line of the e-mail, by 25th February 2026 at 5:00pm.