Senior Systems Auditor
2026-06-19T09:43:12+00:00
The Nairobi Hospital
https://cdn.greatkenyanjobs.com/jsjobsdata/data/employer/comp_2742/logo/The%20Nairobi%20Hospital.png
https://www.greatkenyanjobs.com/employers/company-detail/company-The-Nairobi-Hospital-2742/nav-42
FULL_TIME
Nairobi
Nairobi
00100
Kenya
Health Care
Computer & IT, Management, Business Operations
2026-06-30T17:00:00+00:00
8
Background information about the job or company (e.g., role context, company overview)
The overall purpose of this role is to plan, lead, and execute technology and information systems audits across the Hospital’s ICT environment, to exercise supervisory oversight over the Information Systems Audit Unit, and to handle technically complex IS audit assignments in direct conjunction with the Internal Audit Manager. The role provides independent, risk-based assurance over the Hospital’s Kranium HMIS, Navision ERP, and wider digital infrastructure, in line with the approved Annual Audit Work Plan, and provides functional leadership to other internal auditors through the TeamMate Audit and TeamMate Analytics platforms, ensuring that audit planning, fieldwork, data analytics, evidence management, and reporting are executed on a fully automated, end-to-end basis.
Responsibilities or duties
- Lead and execute risk-based IS audit engagements across the Hospital’s Kranium HMIS, Navision ERP, LIMS, PACS, billing platforms, and digital infrastructure, in accordance with IIA Standards and ISACA/COBIT frameworks.
- Develop IS audit programmes covering IT General Controls (ITGC), application controls, access management, change management, cybersecurity controls, and data governance.
- Assess the design and operating effectiveness of these controls, including network security and application-level controls, within clinical and administrative systems.
- Provide supervisory oversight over the Information Systems Audit Unit by planning and assigning IS audit work, reviewing working papers and draft audit reports for technical adequacy, and coaching the Information Systems Auditor.
- Lead other internal auditors in the use of the TeamMate Audit and TeamMate Analytics platforms, configuring platform workflows and automation rules so that the audit lifecycle is fully automated end-to-end, from planning through to issue tracking and closure.
- Handle complex and technically demanding IS audit assignments in direct conjunction with the Internal Audit Manager, including major system implementations, cybersecurity assurance reviews, penetration testing assurance, and data migration controls.
- Work with the ICT Director and project teams to provide assurance on Kranium HMIS and Navision ERP implementations and upgrades, ensuring controls are embedded at each project milestone.
- Review the integrity, reliability, and security of data generated by Kranium HMIS and Navision ERP, and assess the adequacy of controls over data capture, processing, storage, and reporting.
- Evaluate disaster recovery (DR) testing outcomes and business continuity plan (BCP) adequacy for IT-dependent Hospital operations.
- Test and identify network and system vulnerabilities, and develop counteractive strategies to protect the Hospital’s information systems and data assets.
- Apply the TeamMate Analytics platform, alongside other Computer-Assisted Audit Techniques (CAATs), across Kranium HMIS, Navision ERP, pharmacy, and laboratory transaction data.
- Review ICT policies, procedures, and work instructions for adequacy and alignment to best practice and regulatory requirements.
- Provide assurance on data privacy and protection in line with the Kenya Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021.
- Prepare IS audit reports with risk-rated findings, root cause analysis, and actionable recommendations, and present draft reports to the Internal Audit Manager for review and finalisation.
- Monitor implementation of agreed management actions, escalating overdue or insufficient responses to the Internal Audit Manager.
- Keep abreast of technology developments, emerging cybersecurity threats, and IS audit standards to provide advisory input on ICT risks to the Hospital.
- Advise on ICT-related training needs and capacity building within the Information Systems Audit Unit.
- Represent the Internal Audit Department in technology governance committees or working groups.
- Carry out any other responsibilities assigned by the Internal Audit Manager from time to time.
Qualifications or requirements (e.g., education, skills)
The ideal candidate should possess:
- Bachelor’s Degree in Computer Science, Information Technology, Information Systems, Software Engineering, or Cybersecurity from a recognised institution.
- Certified Information Systems Auditor (CISA) issued by ISACA mandatory at the time of appointment.
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) issued by ISACA – added advantage.
- CISSP (Certified Information Systems Security Professional) issued by ISC2, Certified Ethical Hacker (CEH), or an equivalent professional cybersecurity certification – added advantage.
- Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors – added advantage.
- Certified Public Accountant CPA (K) or ACCA – added advantage.
- Active member of ISACA.
Experience needed
- Minimum of 6 years’ IS audit experience including hands-on work with ITGC, application controls, cybersecurity audit, and COBIT 2019.
- Working knowledge of Kranium HMIS, Navision ERP, LIMS, and PACS in a hospital or regulated environment.
- Working knowledge of the TeamMate Audit and TeamMate Analytics platforms (or equivalent audit management and data analytics tools), with the ability to lead and train other auditors in their use.
- Familiarity with ISO/IEC 27001, IIA Standards, and the Kenya Data Protection Act, 2019.
* Lead and execute risk-based IS audit engagements across the Hospital’s Kranium HMIS, Navision ERP, LIMS, PACS, billing platforms, and digital infrastructure, in accordance with IIA Standards and ISACA/COBIT frameworks. * Develop IS audit programmes covering IT General Controls (ITGC), application controls, access management, change management, cybersecurity controls, and data governance. * Assess the design and operating effectiveness of these controls, including network security and application-level controls, within clinical and administrative systems. * Provide supervisory oversight over the Information Systems Audit Unit by planning and assigning IS audit work, reviewing working papers and draft audit reports for technical adequacy, and coaching the Information Systems Auditor. * Lead other internal auditors in the use of the TeamMate Audit and TeamMate Analytics platforms, configuring platform workflows and automation rules so that the audit lifecycle is fully automated end-to-end, from planning through to issue tracking and closure. * Handle complex and technically demanding IS audit assignments in direct conjunction with the Internal Audit Manager, including major system implementations, cybersecurity assurance reviews, penetration testing assurance, and data migration controls. * Work with the ICT Director and project teams to provide assurance on Kranium HMIS and Navision ERP implementations and upgrades, ensuring controls are embedded at each project milestone. * Review the integrity, reliability, and security of data generated by Kranium HMIS and Navision ERP, and assess the adequacy of controls over data capture, processing, storage, and reporting. * Evaluate disaster recovery (DR) testing outcomes and business continuity plan (BCP) adequacy for IT-dependent Hospital operations. * Test and identify network and system vulnerabilities, and develop counteractive strategies to protect the Hospital’s information systems and data assets. * Apply the TeamMate Analytics platform, alongside other Computer-Assisted Audit Techniques (CAATs), across Kranium HMIS, Navision ERP, pharmacy, and laboratory transaction data. * Review ICT policies, procedures, and work instructions for adequacy and alignment to best practice and regulatory requirements. * Provide assurance on data privacy and protection in line with the Kenya Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021. * Prepare IS audit reports with risk-rated findings, root cause analysis, and actionable recommendations, and present draft reports to the Internal Audit Manager for review and finalisation. * Monitor implementation of agreed management actions, escalating overdue or insufficient responses to the Internal Audit Manager. * Keep abreast of technology developments, emerging cybersecurity threats, and IS audit standards to provide advisory input on ICT risks to the Hospital. * Advise on ICT-related training needs and capacity building within the Information Systems Audit Unit. * Represent the Internal Audit Department in technology governance committees or working groups. * Carry out any other responsibilities assigned by the Internal Audit Manager from time to time.
* ITGC * Application controls * Cybersecurity audit * COBIT 2019 * Kranium HMIS * Navision ERP * LIMS * PACS * TeamMate Audit * TeamMate Analytics * ISO/IEC 27001 * IIA Standards * Kenya Data Protection Act, 2019
* Bachelor’s Degree in Computer Science, Information Technology, Information Systems, Software Engineering, or Cybersecurity from a recognised institution. * Certified Information Systems Auditor (CISA) issued by ISACA mandatory at the time of appointment. * Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) issued by ISACA – added advantage. * CISSP (Certified Information Systems Security Professional) issued by ISC2, Certified Ethical Hacker (CEH), or an equivalent professional cybersecurity certification – added advantage. * Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors – added advantage. * Certified Public Accountant CPA (K) or ACCA – added advantage. * Active member of ISACA.
JOB-6a350f301f6ce
Vacancy title:
Senior Systems Auditor
[Type: FULL_TIME, Industry: Health Care, Category: Computer & IT, Management, Business Operations]
Jobs at:
The Nairobi Hospital
Deadline of this Job:
Tuesday, June 30 2026
Duty Station:
Nairobi | Nairobi
Summary
Date Posted: Friday, June 19 2026, Base Salary: Not Disclosed
Similar Jobs in Kenya
Learn more about The Nairobi Hospital
The Nairobi Hospital jobs in Kenya
JOB DETAILS:
Background information about the job or company (e.g., role context, company overview)
The overall purpose of this role is to plan, lead, and execute technology and information systems audits across the Hospital’s ICT environment, to exercise supervisory oversight over the Information Systems Audit Unit, and to handle technically complex IS audit assignments in direct conjunction with the Internal Audit Manager. The role provides independent, risk-based assurance over the Hospital’s Kranium HMIS, Navision ERP, and wider digital infrastructure, in line with the approved Annual Audit Work Plan, and provides functional leadership to other internal auditors through the TeamMate Audit and TeamMate Analytics platforms, ensuring that audit planning, fieldwork, data analytics, evidence management, and reporting are executed on a fully automated, end-to-end basis.
Responsibilities or duties
- Lead and execute risk-based IS audit engagements across the Hospital’s Kranium HMIS, Navision ERP, LIMS, PACS, billing platforms, and digital infrastructure, in accordance with IIA Standards and ISACA/COBIT frameworks.
- Develop IS audit programmes covering IT General Controls (ITGC), application controls, access management, change management, cybersecurity controls, and data governance.
- Assess the design and operating effectiveness of these controls, including network security and application-level controls, within clinical and administrative systems.
- Provide supervisory oversight over the Information Systems Audit Unit by planning and assigning IS audit work, reviewing working papers and draft audit reports for technical adequacy, and coaching the Information Systems Auditor.
- Lead other internal auditors in the use of the TeamMate Audit and TeamMate Analytics platforms, configuring platform workflows and automation rules so that the audit lifecycle is fully automated end-to-end, from planning through to issue tracking and closure.
- Handle complex and technically demanding IS audit assignments in direct conjunction with the Internal Audit Manager, including major system implementations, cybersecurity assurance reviews, penetration testing assurance, and data migration controls.
- Work with the ICT Director and project teams to provide assurance on Kranium HMIS and Navision ERP implementations and upgrades, ensuring controls are embedded at each project milestone.
- Review the integrity, reliability, and security of data generated by Kranium HMIS and Navision ERP, and assess the adequacy of controls over data capture, processing, storage, and reporting.
- Evaluate disaster recovery (DR) testing outcomes and business continuity plan (BCP) adequacy for IT-dependent Hospital operations.
- Test and identify network and system vulnerabilities, and develop counteractive strategies to protect the Hospital’s information systems and data assets.
- Apply the TeamMate Analytics platform, alongside other Computer-Assisted Audit Techniques (CAATs), across Kranium HMIS, Navision ERP, pharmacy, and laboratory transaction data.
- Review ICT policies, procedures, and work instructions for adequacy and alignment to best practice and regulatory requirements.
- Provide assurance on data privacy and protection in line with the Kenya Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021.
- Prepare IS audit reports with risk-rated findings, root cause analysis, and actionable recommendations, and present draft reports to the Internal Audit Manager for review and finalisation.
- Monitor implementation of agreed management actions, escalating overdue or insufficient responses to the Internal Audit Manager.
- Keep abreast of technology developments, emerging cybersecurity threats, and IS audit standards to provide advisory input on ICT risks to the Hospital.
- Advise on ICT-related training needs and capacity building within the Information Systems Audit Unit.
- Represent the Internal Audit Department in technology governance committees or working groups.
- Carry out any other responsibilities assigned by the Internal Audit Manager from time to time.
Qualifications or requirements (e.g., education, skills)
The ideal candidate should possess:
- Bachelor’s Degree in Computer Science, Information Technology, Information Systems, Software Engineering, or Cybersecurity from a recognised institution.
- Certified Information Systems Auditor (CISA) issued by ISACA mandatory at the time of appointment.
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) issued by ISACA – added advantage.
- CISSP (Certified Information Systems Security Professional) issued by ISC2, Certified Ethical Hacker (CEH), or an equivalent professional cybersecurity certification – added advantage.
- Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors – added advantage.
- Certified Public Accountant CPA (K) or ACCA – added advantage.
- Active member of ISACA.
Experience needed
- Minimum of 6 years’ IS audit experience including hands-on work with ITGC, application controls, cybersecurity audit, and COBIT 2019.
- Working knowledge of Kranium HMIS, Navision ERP, LIMS, and PACS in a hospital or regulated environment.
- Working knowledge of the TeamMate Audit and TeamMate Analytics platforms (or equivalent audit management and data analytics tools), with the ability to lead and train other auditors in their use.
- Familiarity with ISO/IEC 27001, IIA Standards, and the Kenya Data Protection Act, 2019.
Work Hours: 8
Experience in Months: 12
Level of Education: bachelor degree
Job application procedure
Interested in applying for this job? Click here to submit your application now.
Method of Application
If your background, experience and competence match the above specifications, please send us your application (cover letter & CV/Resume) quoting the job reference number, testimonials and full contact details of 3 referees, to reach the undersigned not later than 30th June, 2026. We shall ONLY accept ONLINE applications.
The Nairobi Hospital does NOT charge recruitment fees.
Head of Human Resources
The Nairobi Hospital
P. O. Box 30026 – 00100
NAIROBI
All Jobs | QUICK ALERT SUBSCRIPTION
