Senior Systems Auditor At Nairobi Hospital

Nairobi Hospital

Full time | Nairobi, Nairobi, Nairobi, KE | Posted 11 hours ago

We take pride in our highly qualified professionals who deliver our mission every day, translating their knowledge and expertise to internationally compliant practices in healthcare provision. Courtesy, consideration and unreserved respect towards our patients’ privacy, dignity and confidentiality have time and again helped us earn their trust and goodwill....

Senior Systems Auditor
REF: TNH/HHR/SSA/06/2026

The overall purpose of this role is to plan, lead, and execute technology and information systems audits across the Hospital’s ICT environment, to exercise supervisory oversight over the Information Systems Audit Unit, and to handle technically complex IS audit assignments in direct conjunction with the Internal Audit Manager. The role provides independent, risk-based assurance over the Hospital’s Kranium HMIS, Navision ERP, and wider digital infrastructure, in line with the approved Annual Audit Work Plan, and provides functional leadership to other internal auditors through the TeamMate Audit and TeamMate Analytics platforms, ensuring that audit planning, fieldwork, data analytics, evidence management, and reporting are executed on a fully automated, end-to-end basis.

Key Responsibilities

- Lead and execute risk-based IS audit engagements across the Hospital’s Kranium HMIS, Navision ERP, LIMS, PACS, billing platforms, and digital infrastructure, in accordance with IIA Standards and ISACA/COBIT frameworks.
- Develop IS audit programmes covering IT General Controls (ITGC), application controls, access management, change management, cybersecurity controls, and data governance.
- Assess the design and operating effectiveness of these controls, including network security and application-level controls, within clinical and administrative systems.
- Provide supervisory oversight over the Information Systems Audit Unit by planning and assigning IS audit work, reviewing working papers and draft audit reports for technical adequacy, and coaching the Information Systems Auditor.
- Lead other internal auditors in the use of the TeamMate Audit and TeamMate Analytics platforms, configuring platform workflows and automation rules so that the audit lifecycle is fully automated end-to-end, from planning through to issue tracking and closure.
- Handle complex and technically demanding IS audit assignments in direct conjunction with the Internal Audit Manager, including major system implementations, cybersecurity assurance reviews, penetration testing assurance, and data migration controls.
- Work with the ICT Director and project teams to provide assurance on Kranium HMIS and Navision ERP implementations and upgrades, ensuring controls are embedded at each project milestone.
- Review the integrity, reliability, and security of data generated by Kranium HMIS and Navision ERP, and assess the adequacy of controls over data capture, processing, storage, and reporting.
- Evaluate disaster recovery (DR) testing outcomes and business continuity plan (BCP) adequacy for IT-dependent Hospital operations.
- Test and identify network and system vulnerabilities, and develop counteractive strategies to protect the Hospital’s information systems and data assets.
- Apply the TeamMate Analytics platform, alongside other Computer-Assisted Audit Techniques (CAATs), across Kranium HMIS, Navision ERP, pharmacy, and laboratory transaction data.
- Review ICT policies, procedures, and work instructions for adequacy and alignment to best practice and regulatory requirements.
- Provide assurance on data privacy and protection in line with the Kenya Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021.
- Prepare IS audit reports with risk-rated findings, root cause analysis, and actionable recommendations, and present draft reports to the Internal Audit Manager for review and finalisation.
- Monitor implementation of agreed management actions, escalating overdue or insufficient responses to the Internal Audit Manager.
- Keep abreast of technology developments, emerging cybersecurity threats, and IS audit standards to provide advisory input on ICT risks to the Hospital.
- Advise on ICT-related training needs and capacity building within the Information Systems Audit Unit.
- Represent the Internal Audit Department in technology governance committees or working groups.
- Carry out any other responsibilities assigned by the Internal Audit Manager from time to time.

Qualifications

The ideal candidate should possess:

- Bachelor’s Degree in Computer Science, Information Technology, Information Systems, Software Engineering, or Cybersecurity from a recognised institution.
- Certified Information Systems Auditor (CISA) issued by ISACA mandatory at the time of appointment.
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) issued by ISACA – added advantage.
- CISSP (Certified Information Systems Security Professional) issued by ISC2, Certified Ethical Hacker (CEH), or an equivalent professional cybersecurity certification – added advantage.
- Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors – added advantage.
- Certified Public Accountant CPA (K) or ACCA – added advantage.
- Active member of ISACA.
- Minimum of 6 years’ IS audit experience including hands-on work with ITGC, application controls, cybersecurity audit, and COBIT 2019.
- Working knowledge of Kranium HMIS, Navision ERP, LIMS, and PACS in a hospital or regulated environment.
- Working knowledge of the TeamMate Audit and TeamMate Analytics platforms (or equivalent audit management and data analytics tools), with the ability to lead and train other auditors in their use.
- Familiarity with ISO/IEC 27001, IIA Standards, and the Kenya Data Protection Act, 2019.