Senior Systems Auditor Job Nairobi Hospital

IT Jobs Nairobi Hospital Jobs

Reports to: Internal Audit Manager REF: TNH/HHR/SSA/06/2026

The overall purpose of this role is to plan, lead, and execute technology and information systems audits across the Hospital’s ICT environment, to exercise supervisory oversight over the Information Systems Audit Unit, and to handle technically complex IS audit assignments in direct conjunction with the Internal Audit Manager. The role provides independent, risk-based assurance over the Hospital’s Kranium HMIS, Navision ERP, and wider digital infrastructure, in line with the approved Annual Audit Work Plan, and provides functional leadership to other internal auditors through the TeamMate Audit and TeamMate Analytics platforms, ensuring that audit planning, fieldwork, data analytics, evidence management, and reporting are executed on a fully automated, end-to-end basis.

Key Responsibilities

• Lead and execute risk-based IS audit engagements across the Hospital’s Kranium HMIS, Navision ERP, LIMS, PACS, billing platforms, and digital infrastructure, in accordance with IIA Standards and ISACA/COBIT frameworks.
• Develop IS audit programmes covering IT General Controls (ITGC), application controls, access management, change management, cybersecurity controls, and data governance.
• Assess the design and operating effectiveness of these controls, including network security and application-level controls, within clinical and administrative systems.
• Provide supervisory oversight over the Information Systems Audit Unit by planning and assigning IS audit work, reviewing working papers and draft audit reports for technical adequacy, and coaching the Information Systems Auditor.
• Lead other internal auditors in the use of the TeamMate Audit and TeamMate Analytics platforms, configuring platform workflows and automation rules so that the audit lifecycle is fully automated end-to-end, from planning through to issue tracking and closure.
• Handle complex and technically demanding IS audit assignments in direct conjunction with the Internal Audit Manager, including major system implementations, cybersecurity assurance reviews, penetration testing assurance, and data migration controls.
• Work with the ICT Director and project teams to provide assurance on Kranium HMIS and Navision ERP implementations and upgrades, ensuring controls are embedded at each project milestone.
• Review the integrity, reliability, and security of data generated by Kranium HMIS and Navision ERP, and assess the adequacy of controls over data capture, processing, storage, and reporting.
• Evaluate disaster recovery (DR) testing outcomes and business continuity plan (BCP) adequacy for IT-dependent Hospital operations.
• Test and identify network and system vulnerabilities, and develop counteractive strategies to protect the Hospital’s information systems and data assets.
• Apply the TeamMate Analytics platform, alongside other Computer-Assisted Audit Techniques (CAATs), across Kranium HMIS, Navision ERP, pharmacy, and laboratory transaction data.
• Review ICT policies, procedures, and work instructions for adequacy and alignment to best practice and regulatory requirements.
• Provide assurance on data privacy and protection in line with the Kenya Data Protection Act, 2019 and the Data Protection (General) Regulations, 2021.
• Prepare IS audit reports with risk-rated findings, root cause analysis, and actionable recommendations, and present draft reports to the Internal Audit Manager for review and finalisation.
• Monitor implementation of agreed management actions, escalating overdue or insufficient responses to the Internal Audit Manager.
• Keep abreast of technology developments, emerging cybersecurity threats, and IS audit standards to provide advisory input on ICT risks to the Hospital.
• Advise on ICT-related training needs and capacity building within the Information Systems Audit Unit.
• Represent the Internal Audit Department in technology governance committees or working groups.
• Carry out any other responsibilities assigned by the Internal Audit Manager from time to time.

Qualifications

The ideal candidate should possess:

• Bachelor’s Degree in Computer Science, Information Technology, Information Systems, Software Engineering, or Cybersecurity from a recognised institution.
• Certified Information Systems Auditor (CISA) issued by ISACA mandatory at the time of appointment.
• Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) issued by ISACA – added advantage.
• CISSP (Certified Information Systems Security Professional) issued by ISC2, Certified Ethical Hacker (CEH), or an equivalent professional cybersecurity certification – added advantage.
• Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors – added advantage.
• Certified Public Accountant CPA (K) or ACCA – added advantage.
• Active member of ISACA.
• Minimum of 6 years’ IS audit experience including hands-on work with ITGC, application controls, cybersecurity audit, and COBIT 2019.
• Working knowledge of Kranium HMIS, Navision ERP, LIMS, and PACS in a hospital or regulated environment.
• Working knowledge of the TeamMate Audit and TeamMate Analytics platforms (or equivalent audit management and data analytics tools), with the ability to lead and train other auditors in their use.
• Familiarity with ISO/IEC 27001, IIA Standards, and the Kenya Data Protection Act, 2019.

Core Competencies

The successful candidate should demonstrate:

• In-depth knowledge of IT environment integration from infrastructure to application systems.
• Understanding of Kranium HMIS, Navision ERP, and the Hospital’s ICT operating model.
• Proficiency in IS audit engagements in line with IIA Standards and ISACA/COBIT frameworks.
• Knowledge of network security, cybersecurity audit, and vulnerability assessment.
• Working knowledge of the TeamMate Audit and TeamMate Analytics platforms, and other CAATs/audit software such as IDEA.
• Team leadership and supervisory skills, including the ability to lead other auditors in fully automated, end-to-end audit execution via the TeamMate Audit and TeamMate Analytics platforms.
• Analytical and technical problem-solving skills.
• Judgement and professional skepticism.
• Independent minded with high attention to detail.
• Planning and organizing skills across concurrent IS audit assignments.
• Communication skills ability to translate complex technical findings for non-technical audiences.
• Accountability and integrity.

How to Apply

If your background, experience and competence match the above specifications, please send us your application (cover letter & CV/Resume) quoting the job reference number, testimonials and full contact details of 3 referees, to reach the undersigned not later than 30th June, 2026. We shall ONLY accept ONLINE applications.

We appreciate all applications received. While we may not be able to provide individual feedback to all applicants due to the high number of applications received, please know that we value your interest and the time you invested in engaging with us. Only shortlisted candidates will be contacted at each stage of the recruitment process. If you do not hear from us after completion of the interviews, kindly consider your application unsuccessful.

The Nairobi Hospital does NOT charge recruitment fees.

Head of Human Resources
The Nairobi Hospital
P. O. Box 30026-00100
NAIROBI

Email: recruitment@nbihosp.org