Information Systems Auditor
Reports To: General Manager - Internal Audit
Department: Internal Audit
Job Summary:
This position is responsible for providing independent assurance on
GA Insurance Limited’s information
systems, by ensuring that the risk management procedures, governance processes,
and control mechanisms in place are adequate to safeguard the Information
Systems of the Company at all times.
Duties and Responsibilities:
Participate in the development, execution, and
monitoring of the annual information systems internal audit plan.
Perform assessments of all the business information
systems to evaluate the adequacy, effectiveness, and efficiency of controls to support
business processes.
Evaluate the adequacy and effectiveness of controls
for information systems and technology processes, including those related to
data protection, change management, and cyber security.
Conduct compliance assessments against information
security standards, including ISO 27001, NIST Cybersecurity Framework, PCI DSS,
and HIPAA guidelines, to ensure data security, regulatory compliance, risk
mitigation, and operational efficiency.
Communicate audit results and recommendations to key
stakeholders including management and business process owners.
Collaborate with the Technology Services and IT
security teams to ensure that appropriate controls are in place for optimal
operational functionality of Information Systems.
Stay up to date on emerging technology, security
vulnerabilities, and threats in the Information Systems landscape and provide
relevant and timely advice to stakeholders where necessary.
Review the IT governance documents, strategies,
policies, contracts, and procedure documents.
Provide advice in resolving information security
incidents.
Participate in ensuring quality in all work
delivered including meeting the standards for working papers, and actively
giving insights and supporting the implementation of corrective actions
based on recommendations to audit observations.
Provide support in drafting suitable audit reports
highlighting key control weaknesses as well as non-compliance with procedures,
policies, and regulatory requirements.
Participate in the preparation of the Board Audit
Committee files.
Job Holder Specifications:
Education/Qualifications:
A Bachelor’s Degree in Accounting, Finance,
Commerce, Economics, IT or a related field.
Professional qualification in information systems
audit such as Certified Information Systems Auditor (CISA), Certified in the
Governance of Enterprise IT (CGEIT), Certified Information Security Manager
(CISM), or Certified Internal Auditor (CIA) is an added advantage.
Working Experience:
At least 5 years' working experience in a similar
role.
Competencies:
Technical Competencies
Knowledge of the Institute of Internal Auditors
International Professional Practice Framework.
Knowledge of current technological developments and
emerging trends.
Proficient in Project Management methodologies and
associated controls.
Proficient in Report writing.
Ability to observe and understand business
processes.
Proficiency in Governance, Risk Management, and
Compliance (GRC) principles and their application in information systems
governance and security.
Knowledge and experience in the use of CAATs.
Knowledge of information systems and related
technology.
Knowledge of risk management concepts and principles.
Proficiency in evaluating system backup procedures,
disaster recovery capability, and maintenance procedures.
Knowledge of software requirements for the auditing
of computing systems and procedures.
Behavioral Competencies
Strong analytical, organizational, and
problem-solving skills.
Personal attributes: integrity, dependability,
initiative, results orientation, creativity, and strong interpersonal skills.
Ability to operationalize strategy into action for
the function.
Effective communication skills, both verbal and
written.
If you meet the above minimum
requirements, send your C.V. to careers@gakenya.com, indicating
the position applied for in the email subject line, to be received on or before
27th October 2023. Only shortlisted candidates will be contacted.