Job Description
Key Responsibilities
- Develop comprehensive risk-based audit plans covering information systems, digital platforms, ICT operations, and technology-supported business processes.
- Conduct independent information systems audits in accordance with approved annual audit programmes and internationally accepted internal auditing standards.
- Review ICT governance structures and evaluate whether technology resources adequately support organizational objectives.
- Assess the effectiveness of internal controls implemented across business applications, databases, networks, and supporting infrastructure.
- Examine cybersecurity controls designed to protect organizational information assets from unauthorized access, cyber threats, and operational vulnerabilities.
- Evaluate system development practices to confirm that new applications comply with established governance requirements and quality standards.
- Review user access management procedures to ensure appropriate authorization, segregation of duties, and accountability.
- Assess data integrity controls to verify the accuracy, completeness, consistency, and reliability of organizational information.
- Evaluate backup procedures, disaster recovery arrangements, and business continuity mechanisms to determine operational readiness.
- Review ICT policies, procedures, and standards for compliance with legal, regulatory, and organizational requirements.
- Conduct operational, financial, compliance, and special audits involving technology-enabled processes whenever assigned.
- Identify weaknesses in internal control environments and recommend practical, risk-based corrective measures.
- Perform testing of automated controls and document audit evidence supporting findings and conclusions.
- Prepare accurate working papers that fully support audit observations, recommendations, and professional judgments.
- Analyse technology risks affecting organizational performance and recommend suitable mitigation strategies.
- Evaluate the effectiveness of ICT infrastructure controls supporting business operations.
- Review system maintenance practices and confirm adherence to approved operational procedures.
- Assess database administration controls and recommend improvements where necessary.
- Examine revenue and expenditure processes supported by information systems to ensure proper safeguards are maintained.
- Monitor compliance with established internal policies, statutory regulations, and recognized industry standards.
- Prepare clear, concise, and well-structured audit reports for management review.
- Present audit findings professionally during departmental meetings and management discussions.
- Follow up previously issued audit recommendations and verify implementation of agreed corrective actions.
- Support continuous improvement initiatives by identifying opportunities to strengthen governance frameworks.
- Participate in organizational risk assessments and contribute to enterprise risk management initiatives.
- Maintain confidentiality of sensitive organizational information obtained during audit assignments.
- Build positive working relationships with departmental representatives while maintaining professional independence.
- Keep current with developments in information systems auditing, cybersecurity, governance, and emerging technologies.
- Contribute to Audit Committee documentation, reports, presentations, and meeting preparations where required.
- Perform any other internal audit responsibilities that may reasonably be assigned in support of departmental objectives.
Qualifications & Requirements
- Bachelor's degree in accounting, Finance, Information Systems, Computer Science, Information Technology, or another relevant discipline from a recognized institution.
- Professional certification in Information Systems Audit.
- Membership in ISACA in good professional standing.
- CPA (K) qualification will be an added advantage.
- Membership with the Institute of Internal Auditors (IIA) or ICPAK in good standing will be an added advantage.
- Supervisory or management training from a recognized institution.
- Minimum of three years of relevant experience in information systems auditing.
- Strong understanding of ICT governance, cybersecurity, and risk management principles.
- Excellent analytical and investigative skills.
- Knowledge of internal control frameworks and audit methodologies.
- Ability to prepare professional audit reports.
- Excellent verbal and written communication skills.
- Strong problem
- solving and decision
- making abilities.
- High ethical standards and unquestionable integrity.
- Strong organizational and planning skills.
- Ability to work independently with minimal supervision.
- Good stakeholder engagement and interpersonal skills.
- Proficiency in Microsoft Office applications and audit documentation tools.
- Ability to manage multiple assignments within established deadlines.
- Commitment to continuous professional development.
- Must satisfy the requirements of Chapter Six of the Constitution of Kenya.
How to Apply
Interested and qualified candidates should submit their application through the official KENTRADE recruitment process before the application deadline. Applicants should ensure that all required documents, including an updated curriculum vitae, academic and professional certificates, relevant membership certificates, and any other supporting documentation requested by the employer, are attached during the application process. Only shortlisted candidates will be contacted for the next stage of recruitment. KENTRADE is an equal opportunity employer and encourages applications from all qualified candidates who meet the stated requirements. Ensure that all information provided is accurate, complete, and verifiable before submitting your application.