The Agricultural Finance Corporation (AFC), a wholly owned Government Development Finance Institution (DFI), was established in 1963 initially as a subsidiary of the Land and Agricultural Bank. In 1969, it was incorporated as a full – fledged financial institution under the Agricultural Finance Corporation Act, Cap 323 of the laws of Kenya

Job Summary:

The Information Systems Auditor is responsible for evaluating the effectiveness of Agricultural Finance Corporation information systems, internal controls, and risk management processes. This includes assessing the security of data, evaluating IT infrastructure, and ensuring compliance with industry regulations and standards.

Key Responsibilities:

Audit Planning and Execution:

•  Develop and execute risk-based audit plans for information systems, ensuring coverage of critical areas.
•  Conduct thorough assessments of IT systems, applications, and infrastructure to identify potential risks and vulnerabilities.

Information Security Assessment:

•  Evaluate the effectiveness of information security controls and measures in place.
•  Conduct penetration testing and vulnerability assessments to identify and address security weaknesses.

Compliance Management:

•  Ensure compliance with relevant laws, regulations, and industry standards.
•  Keep abreast of changes in regulations and update audit procedures accordingly.

Internal Control Evaluation:

•  Assess the design and effectiveness of internal controls related to information systems.
•  Identify weaknesses in controls and recommend improvements to enhance the security posture.

IT Governance and Policy Compliance:

•  Evaluate the effectiveness of IT governance structures and processes.
•  Review and assess adherence to IT policies, procedures, and standards.

Incident Response and Recovery:

•  Develop and test incident response plans to ensure the Corporation’s ability to respond to and recover from cybersecurity incidents.
•  Provide guidance on incident response procedures and coordinate with relevant teams.

Audit Reporting:

•  Prepare comprehensive audit reports detailing findings, recommendations, and action plans.
•  Communicate audit results to senior management and stakeholders.

Collaboration and Training:

•  Collaborate with IT and business units to implement audit recommendations.
•  Provide training and awareness programs on information security best practices.

Qualifications and Skills:

•  Bachelor’s degree in Information Systems, Computer Science, or related field.
•  Master’s Degree
•  Professional certification such as CPAK
•  CISA (Certified Information Systems Auditor) is highly desirable.
•  5 years’ experience in information systems auditing, preferably in the financial industry.
•  Strong understanding of information security principles, risk management, and IT governance.
•  Knowledge of regulatory requirements and standards applicable to financial institutions.
•  Excellent analytical, communication, and interpersonal skills.
•  Ability to work independently and collaboratively with cross-functional teams