Job Description

Reporting to the Head of Internal Audit & Risk Management, the Information Systems Auditor will support the execution of the risk-based internal audit plan by evaluating the effectiveness of information systems controls, IT governance, cybersecurity frameworks, and digital processes within the University. The role will focus on assessing the integrity, security, reliability, and efficiency of information systems that support academic, administrative, and financial operations.

Qualifications & Requirements

• A Bachelor’s degree in Information Systems, Computer Science, Information Technology, Business Information Systems, or a related field from a recognized university.
• Partially qualified or final accounting or auditing qualification, such as CIA, CPAK or equivalent qualification, will be an added advantage.
• A minimum of three (3) years of relevant experience in IT audit, information systems risk management, cybersecurity, or IT compliance in a reputable organization.
• Experience in auditing ERP systems will be an added advantage.
• Exposure to IT audit and data analytics tools will be an added advantage.
• Strong knowledge of IT governance frameworks, ability to identify, assess, and evaluate IT-related risks, including access controls, system vulnerabilities, and data integrity risks.
• Excellent analytical, documentation, and report-writing skills.
• Effective communication and presentation skills, including the ability to explain technical issues to non-technical stakeholders.
• Strong attention to detail and problem-solving ability.
• Ability to work independently and meet strict deadlines.
• High levels of integrity and ethical conduct consistent with the mission and values of the University.

Key Duties & Responsibilities

• Assist in the preparation and implementation of the risk-based IT audit plan aligned with the University’s internal audit strategy.
• Conduct information systems audits, including reviews of IT governance, system security, data integrity, system development, and disaster recovery processes.
• Evaluate general IT controls, application controls, and user access management across institutional systems.
• Review ERP systems, databases, and digital platforms to assess system configuration, security, and compliance with institutional policies.
• Identify IT-related risks and recommend appropriate mitigation measures to strengthen system security and operational resilience.
• Prepare comprehensive IT audit reports and present findings and recommendations to management.
• Conduct follow-up reviews to verify the implementation of agreed IT audit recommendations.
• Support investigations involving suspected IT irregularities, data breaches, or system misuse.
• Provide advisory support to management on emerging IT risks, cybersecurity, and technology governance.
• Ensure audit assignments comply with professional standards issued by the Institute of Internal Auditors and recognized IT audit frameworks such as ISACA.