Position Summary:
The
role holder will be responsible for Information Systems audits within the
group. This involves the review of processes, identification of control
weaknesses and setting up processes to address the identified weaknesses. The
holder will also be the expert in information security controls and emerging
trends.
Reporting to the Regional
Internal Auditor, the successful candidate will be responsible for the
following functions:
Duties & Responsibilities
Participate
in the preparation of the annual audit plan in line with key risk areas and
strategic priorities of the Company in consultation with the Regional Internal
Audit Manager.
Prepare and submit the audit program including risk assessment, evaluation of control environment, formulation of audit objectives, designing audit procedures, information gathering, and evidence analysis to ensure quality risk-based audits.
Review
ICT policies, procedures and work instructions for adequacy.
Give
assurance on protection of Information Assets.
Assess
entire ICT environment from application systems and business protocols to
determine whether business objectives are being attained in a secure
environment.
Review
the group’s hardware and software to ensure acquisition and deployment and
disposal process are in line with best practice and policies.
Provide
assurance on security for the entire ICT environment within the group including
infrastructure.
Test
and identify network and system vulnerabilities and create counteractive
strategies to protect the network. Review information system application
servers, backups, ICT infrastructure, network, Business Continuity plan, and
Disaster Recovery Plan to ensure compliance to policy and best practice.
Test
ICT general controls within the group to ensure confidentiality and access
management are well managed.
Carry
out routine and special audit assignments as requested from time to time and
develop report on findings and recommendations that inform on action points.
Conduct
integrated audit in collaboration with the business processes auditors to
provide assurance of the business environment considering the ICT aspect.
Carry
out audit follow ups when due, based on Board resolutions & management
action points and develop reports on implementation status.
Keep
abreast on latest technology and trends to provide input to mitigate emerging
threats to the group.
Any
other responsibilities that may be assigned to the job holder by the Regional
Internal Auditor from time to time.
Qualifications
Bachelor’s
degree in Computer Science or business-related field.
Certified
Information Systems Auditor (CISA).
Certified
Internal Auditor (CIA), or Certified Public Accountant (CPA) desirable.
At
least 3 years of experience directly related to the duties and responsibilities
specified above.
How To Apply
Applicants who have met
the required criteria should address their applications and copies of
certificates to:
Human Resources Director –
Tourism Promotion Services – Eastern Africa
Sent on email to : Jobvacancy.kenya@serenahotels.com on
or before 22nd January 2024.
