Job Description
You will be involved in planning and leading Information Technology (IT) internal audit projects as defined in the risk-based Audit Plan. This will include planning the individual audit engagement, designing and testing the control, presenting the audit findings, writing the audit reports and follow-up on remediation.
In this role, you are required to:
- Assist with the IT Annual Audit plan preparation and assessment
- Partner with business auditors to develop a risk-based audit scope on IT controls for business integrated and infrastructure audits.
- Develop and communicate the audit plan, including determining the audit objective, scope, timeline and criteria to the stakeholders / Business Units, including opening meeting
- Detailing and communicating the scope, roles and responsibilities to the audit team members
- Plan for regular team meeting, opening and closing meeting
- Prepare and collate findings and / or feedback from IT team members for closing meeting presentation and inclusion in the audit report
- Lead, coach and supervise junior IT auditors to perform audits
- Liaise with stakeholders, lead discussions and monitor fieldwork progress
- Assist and complete audits in a timely and efficient manner in accordance with standards established by industry best practices and the relevant risk and regulatory environment
- Evaluate IT internal control design and operating effectiveness and manage remediation activities
- Communicate root causes of identified issues, associated risks, on the current and future business model and operating environment and include recommendations and action plans for improvements in business processes
- Build strong relationship with 1st and 2nd line of defence to identify potential red flags and ensure that insights to emerging risk and controls are identified and managed
- Manage 3rd party IT audit support team/ resources where applicable
- Participate in major business initiatives, and pro-actively advise and assist the business on change initiatives
To be successful in the above role, you should have:
- Bachelor's Degree in Computer Engineering/Computer Science or related studies
- Minimum 4 consecutive years of IT audit working experience
- Knowledge of COBIT or ISO27001 or ITIL or MAS Technology Risk Management Guidelines or similar standards
- Experience in performing IT applications and general controls review, and cybersecurity review
- Able to work independently, possess good communication skills and demonstrate good work ethics
- Experience in data analytics and usage of related technology tools in financial and insurance sectors has added advantage
- Professional qualifications (e.g. CISA, CISSP) are highly preferred
