Senior/Manager, IT Audit

Job Purpose

You will be part of a highly professional Group Internal Audit Team that carries out integrated audits, IT audits and Continuous audits to ensure robust governance, risk management and internal controls in the Group.

Responsibilities

• Perform IT audits to ensure the adequacy and effectiveness of controls and integrity of IT systems. 
• Develop IT audit plans, perform audits, conduct post-audit reviews, recommend improvement for controls and governance practices.  
• Work closely with external auditors to avoid duplicate of audit efforts. 
• Consolidate common IT audit findings for sharing with internal stakeholders to ensure alignment with Group’s policies. 
• Provide advisory/ consulting services on risks and controls regarding new processes, products and systems.
• Oversee work conducted by subordinates
• Resolve issues that fall out of normal procedures
• Make sure that field work(s) are completed
• Prepare IT audit reports reflecting the results of the work performed
• Design creative ways to train subordinates, and monitor output delivery
• Decide how best to respond to stakeholders, while increasing quality and pace overtime
• Identifying and preventing issues and taking time to nullify negative impacts or increase benefits
• Report to the organization’s management, audit results, and observations
• Offer functional training and advice to internal/ external stakeholders and mentors less-experienced and new team members
• Working independently, receiving day-to-day instructions, with general guidance on assignments
• Coming up with ways to improve processes, services, and products to internal and external stakeholders

Qualifications & Work Experience

• Degree in Computer Science or Accountancy, with a minimum of 6-8 years of relevant IT audit experience 
• Professional certification in CISA or CISSP would have an added advantage
• Experienced in review of application, operating systems and database security
• Prior experience in review of network security including network infrastructure and network penetration test would be viewed favourably
• Experience in using generalised audit software (such as ACL) is preferred

Skills

Technical skills include:

• Good knowledge of Cybersecurity risks and risk treatment would be an advantage

Generic skills include:

• Strong interpersonal, analytical and communication skills (both written and oral) and ability to manage stakeholders from diverse backgrounds at various levels of seniority
• Meticulous with a keen eye for detail and the ability to suggest improvements in optimising work processes so as to value add to the stakeholders
• Self-motivated with the ability to prioritise and meet deadlines
• Ability to work independently with minimum support resources
• Good writing and presentation skills