REF: TNH/HHR/SSA/06/2026
The overall purpose of this role is to plan, lead, and execute technology and information systems audits across the Hospital’s ICT environment, to exercise supervisory oversight over the Information Systems Audit Unit, and to handle technically complex IS audit assignments in direct conjunction with the Internal Audit Manager. The role provides independent, risk-based assurance over the Hospital’s Kranium HMIS, Navision ERP, and wider digital infrastructure, in line with the approved Annual Audit Work Plan. It also provides functional leadership to other internal auditors through the TeamMate Audit and TeamMate Analytics platforms, ensuring that audit planning, fieldwork, data analytics, evidence management, and reporting are executed on a fully automated, end-to-end basis.
Key Responsibilities
- Lead and execute risk-based IS audit engagements across the Hospital’s Kranium HMIS, Navision ERP, LIMS, PACS, billing platforms, and digital infrastructure, in accordance with IIA Standards and ISACA/COBIT frameworks.
- Develop IS audit programmes covering IT General Controls (ITGC), application controls, access management, change management, cybersecurity controls, and data governance.
- Assess the design and operating effectiveness of these controls, including network security and application-level controls, within clinical and administrative systems.
- Provide supervisory oversight over the Information Systems Audit Unit by planning and assigning IS audit work, reviewing working papers and draft audit reports for technical adequacy, and coaching the Information Systems Auditor.
- Lead other internal auditors in the use of the TeamMate Audit and TeamMate Analytics platforms, configuring platform workflows and automation rules so that the audit lifecycle is fully automated end-to-end, from planning through to issue tracking and closure.
- Handle complex and technically demanding IS audit assignments in direct conjunction with the Internal Audit Manager, including major system implementations, cybersecurity assurance reviews, penetration testing assurance, and data migration controls.
- Work with the ICT Director and project teams to provide assurance on Kranium HMIS and Navision ERP implementations and upgrades, ensuring controls are embedded at each project milestone.
- Review the integrity, reliability, and security of data generated by Kranium HMIS and Navision ERP, and assess the adequacy of controls over data capture, processing, storage, and reporting.
- Evaluate disaster recovery (DR) testing outcomes and business continuity plan (BCP) adequacy for IT-dependent Hospital operations.
- Test and identify network and system vulnerabilities, and develop counteractive strategies to protect the Hospital’s information systems and data assets.
- Apply the TeamMate Analytics platform, alongside other Computer-Assisted Audit Techniques (CAATs), across Kranium HMIS, Navision ERP, pharmacy, and laboratory transaction data.
- Review ICT policies, procedures, and work instructions for adequacy and alignment to best practice and regulatory requirements.
- Provide assurance on data privacy and protection in line with the Kenya Data Protection Act, 2019 and the Data Protection General Regulations, 2021.
- Prepare IS audit reports with risk-rated findings, root cause analysis, and actionable recommendations, and present draft reports to the Internal Audit Manager for review and finalisation.
- Monitor implementation of agreed management actions, escalating overdue or insufficient responses to the Internal Audit Manager.
- Keep abreast of technology developments, emerging cybersecurity threats, and IS audit standards to provide advisory input on ICT risks to the Hospital.
- Advise on ICT-related training needs and capacity building within the Information Systems Audit Unit.
- Represent the Internal Audit Department in technology governance committees or working groups.
- Carry out any other responsibilities assigned by the Internal Audit Manager from time to time.
Qualifications
The ideal candidate should possess:
- Bachelor’s Degree in Computer Science, Information Technology, Information Systems, Software Engineering, or Cybersecurity from a recognised institution.
- Certified Information Systems Auditor (CISA) issued by ISACA – mandatory at the time of appointment.
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) issued by ISACA – added advantage.
- Certified Information Systems Security Professional (CISSP) issued by ISC2, Certified Ethical Hacker (CEH), or an equivalent professional cybersecurity certification – added advantage.
- Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors – added advantage.
- Certified Public Accountant CPA (K) or ACCA – added advantage.
- Active member of ISACA.
- Minimum of 6 years’ IS audit experience including hands-on work with ITGC, application controls, cybersecurity audit, and COBIT 2019.
- Working knowledge of Kranium HMIS, Navision ERP, LIMS, and PACS in a hospital or regulated environment.
- Working knowledge of the TeamMate Audit and TeamMate Analytics platforms or equivalent audit management and data analytics tools, with the ability to lead and train other auditors in their use.
- Familiarity with ISO/IEC 27001, IIA Standards, and the Kenya Data Protection Act, 2019.