Kenindia Insurance Ltd, was established as merger of Indian Insurance Companies operating in Kenya to form a vibrant joint venture with moral and financial support from leading local business elite on 6th December 1978.

JOB PURPOSE

To independently plan and execute complex IT audits across infrastructure, applications, cybersecurity, and emerging technologies. This role requires strong IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization’s IT risk posture.

PRINCIPAL ACCOUNTABILITIES

• Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations
• Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks
• Perform independent pre- and post-implementation reviews for major IT projects and system changes.
• Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
• Lead the development of the IT audit risk universe and contribute to the annual audit plan.
• Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL
• Stay informed on emerging IT risks, regulatory developments, and technology trends.
• Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.

MINIMUM QUALIFICATIONS - KNOWLEDGE AND EXPERIENCE

• Bachelor’s in information systems, Computer Science, Cybersecurity, or related field.
• 6–8 years of experience in IT auditing or a combination of IT audit and technical roles.
• Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices.
• Certifications: CISA (Mandatory)
• Mandatory cybersecurity certification: One of CISSP, CISM, or CRISC
• Active membership in professional bodies such as ISACA or IIA

• Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations
• Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks
• Perform independent pre- and post-implementation reviews for major IT projects and system changes.
• Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance.
• Lead the development of the IT audit risk universe and contribute to the annual audit plan.
• Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL
• Stay informed on emerging IT risks, regulatory developments, and technology trends.
• Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies.

• IT auditing
• Cybersecurity audits
• Assessment of security controls, policies, and governance practices
• Compliance assessment (Kenya Data Protection Act, Insurance Regulatory Authority ICT Guidelines)
• Pre- and post-implementation reviews
• Third-party service provider audits
• Cloud-based environment audits
• Risk assessment and management
• Frameworks such as COBIT, NIST, ISO 27001, ITIL
• Report writing
• Presentation skills

• Bachelor’s in information systems, Computer Science, Cybersecurity, or related field.
• CISA (Mandatory)
• One of CISSP, CISM, or CRISC (Mandatory cybersecurity certification)
• Active membership in professional bodies such as ISACA or IIA