Job Ref. No: JLIL373

Role Purpose 

The Information Systems Auditor is responsible for executing IT and internal audit assignments across Jubilee Insurance and, where necessary, regional entities. The role evaluates IT controls, cybersecurity practices, information system processes, and technology-enabled business operations to determine whether controls are effective and risks are adequately mitigated. The auditor provides independent assurance to Management and the Audit Committee and supports strengthening of the Company’s governance, risk, and control environment.

Key Responsibilities

Strategy

• Provide insights and analysis to support strategic decision-making related to IT risk management, cybersecurity, and internal controls.
• Identify opportunities to optimize technology-enabled processes and improve the efficiency of IT controls.
• Assess IT governance practices and recommend enhancements aligned with industry standards and regulatory requirements.
• Evaluate performance of IT functions and provide feedback to improve strategic alignment and operational effectiveness.

Operational

• Plan and Execute IT Audits:
• Develop risk-based IT audit plans and programs.
• Conduct fieldwork, gather evidence, and document audit findings.
•  Evaluate IT general controls (ITGC), application controls, cybersecurity controls, and infrastructure security.
• IT Risk Assessment:
• Identify risks in IT systems, networks, applications, and technology-enabled processes.
• Assess potential impacts on data integrity, financial reporting, operations, and compliance.
• Recommend risk mitigation measures to relevant stakeholders.
• Compliance & Regulatory Review:
• Ensure compliance with IT laws, cybersecurity regulations, and industry standards.
• Monitor changes in IT and cybersecurity requirements and assess their impact.
• Advise management on technology-related compliance risks.
• Financial & System Data Analysis:
• Review system-generated financial data and transaction trails for accuracy and completeness.
• Identify anomalies, irregularities, and potential internal control weaknesses.
•  Process Improvement:
• Recommend enhancements to IT processes, system controls, and internal procedures.
• Support continuous improvement initiatives to strengthen the control environment.

Corporate Governance

• Ensure all audit assignments comply with internal audit standards, Company policies, and regulatory requirements.
• Promote strong IT governance, cybersecurity awareness, and internal control culture across business units.
• Prepare and submit IT audit reports, findings, and recommendations to Management and the Audit Committee.
• Ensure adherence to IT governance and cybersecurity frameworks such as ISO 27001, ISO 22301, COBIT, and NIST.

People and Culture

• Provide training and guidance to staff on IT controls, cybersecurity practices, and risk awareness.
• Foster a culture of accountability, confidentiality, and integrity across the Company.
• Collaborate with IT, Risk, Compliance, and business teams to ensure timely follow-up and closure of audit recommendations.
• Support capability development within the Internal Audit function through sharing of knowledge and expertise.

Key Competencies

• Strong understanding of IT systems and infrastructure.
• Good knowledge of cybersecurity principles and practices.
• Analytical and critical-thinking abilities.
• High attention to detail and precision.
• Effective communication and audit report-writing skills.
• Teamwork and stakeholder management.
• Confidentiality, ethical conduct, and professionalism.
• Strong planning and organizational skills.

Functional Skills

• Knowledge of IT audit methodologies, internal audit standards, and risk-based auditing.
• Ability to identify IT and cybersecurity risks and recommend effective mitigation strategies.
• Strong financial and data analysis capabilities.
• Understanding of IT compliance requirements and regulations.
• Familiarity with process improvement methodologies (e.g., Lean, Six Sigma). 
• Proficiency in audit software and analytics tools.
• Knowledge of IT governance and security frameworks such as ISO 27001, ISO 22301, COBIT, and NIST.

Key Deliverables for the Role

• Risk-based IT and internal audit plans and programs.
• Comprehensive audit working papers and evidence documentation.
• High-quality audit reports highlighting findings, risks, and recommendations.
• IT risk assessments and compliance evaluation reports.
• Follow-up reports on remediation of IT control weaknesses.
• KPI dashboards for audit execution, findings, and issue tracking.
• Positive stakeholder feedback and value-add through audit insights.

Academic Qualifications

• Bachelor’s degree in Computer Science, Information Systems, IT, or a related field.
• Certifications such as CISA, CEH, CISSP, CISM, CGEIT, or CRISC are an added advantage.
• Training in RPA, Machine Learning, or Data Analytics is an added advantage.

Relevant Experience

• Minimum four (4) years of experience in IT audit, information systems audit, cybersecurity audit, internal audit, or related fields.
• Experience in software development, IT operations, or Big 4 consulting is an added advantage.
• Demonstrated experience evaluating, designing, and implementing IT controls.
• Experience conducting system-based audits and compliance reviews.
• Evidence of participating in control design, development, and monitoring activities.