Kenindia Insurance Ltd, was established as merger of Indian Insurance Companies operating in Kenya to form a vibrant joint venture with moral and financial support from leading local business elite on 6th December 1978. By 2007, a span of 29 years, the company had crossed the Ksh 3 billion gross premium income mark to become the largest non-life insurer in Kenya. Since then, Kenindia has grown from strength to strength to become a leading household name in Kenya. JOB PURPOSE To independently plan and execute complex IT audits across infrastructure, applications, cybersecurity, and emerging technologies. This role requires strong IT audit capabilities and a solid foundation in cybersecurity to assess and enhance the organization’s IT risk posture. PRINCIPAL ACCOUNTABILITIES Lead and deliver IT audits covering IT General Controls (ITGCs), application controls, cybersecurity controls, and IT operations Assess compliance with the Kenya Data Protection Act (2019), Insurance Regulatory Authority ICT Guidelines, and other relevant legal or regulatory frameworks Perform independent pre- and post-implementation reviews for major IT projects and system changes. Audit third-party service providers, outsourced IT services, and cloud-based environments, with emphasis on cybersecurity, data protection, and regulatory compliance. Lead the development of the IT audit risk universe and contribute to the annual audit plan. Identify and assess IT and cybersecurity risks, and recommend practical improvements aligned to frameworks such as COBIT, NIST, ISO 27001, and ITIL Stay informed on emerging IT risks, regulatory developments, and technology trends. Prepare and present high-quality audit reports, including findings and actionable recommendations, to senior management and governance bodies. MINIMUM QUALIFICATIONS - KNOWLEDGE AND EXPERIENCE Bachelor’s in information systems, Computer Science, Cybersecurity, or related field. 6–8 years of experience in IT auditing or a combination of IT audit and technical roles. Mandatory: Hands-on experience performing cybersecurity audits, including assessment of security controls, policies, and governance practices. Certifications: CISA (Mandatory) Mandatory cybersecurity certification: One of CISSP, CISM, or CRISC Active membership in professional bodies such as ISACA or IIA