Associate - IT Audit & Data Privacy

The overall purpose of this role is to carry out IS audits, IT General Controls Testing, data analysis in support of financial audits, and data privacy engagements, being involved in planning, executing, and completing assignments in line with engagement terms and quality standards. You will support clients across banks, SACCOs, insurances, and other industries within the IT Advisory service line.

Job Details

• Undertake IS audits and ITGC testing (including user access, change management, IT operations, backups, DR/BCP, and interfaces testing).
• Perform data analysis in support of financial audits (e.g., journal entry testing, revenue/receivables analytics, ageing & outlier analysis, three-way matches, trend/ratio analysis) using CAATs/BI tools (ACL/Arbutus/IDEA, SQL, Excel/Power Query; Python/Power BI a plus) in close collaboration with financial audit teams.
• Perform/assist with Data Privacy Assessments including DPIAs, LIAs (Legitimate Interests Assessments), and privacy implementation (scoping, risk identification, controls evaluation, remediation planning) aligned to the Kenya Data Protection Act (2019) and ODPC guidance.
• Prepare quality workpapers, data flow diagrams, and clear reports with practical recommendations.
• Support process walkthroughs and stakeholder interviews across financial services and other sectors.
• Keep abreast of IT/security/privacy standards and regulations (ISO/IEC 27001/27701, COBIT, NIST, ODPC).
• Contribute to methodologies, proposals, and internal training/upskilling.

Requirements

• BA/BSc (or equivalent) in IT, Computer Science, Information Systems or related field (desirable).
• 1–3 years in an audit/consulting firm with exposure to IT audits/ITGCs.
• Familiarity with Data Privacy Assessments/DPIAs (or strong willingness to learn).
• Awareness of business processes in banks, SACCOs, insurances and multi-industry exposure is an advantage.
• Proficiency with CAATs and data analysis (ACL/Arbutus/IDEA/SQL/Excel; Power BI/Python is a plus).
• Strong written/verbal communication skills.
• Strong report writing and Microsoft Office proficiency.
• Certifications (e.g., CISA, CDPSE, ISO 27001/27701) are an advantage, not mandatory.