Internal IT Auditor (IM8 Audit - For Applications)

Whatwillyoudo

IT Audit and Risk Assessment

• Conduct IT audits, compliance and IT risk assessment primarily in the application areas covering application control, IT general controls, infrastructure controls, and cybersecurity.
• Able to plan and communicate the audit activities with the stakeholders.
• Audit and identify the risk and non-compliances at project sites, evaluate the issue and produce the audit/assessment report.
• Work off-site with different projects during audits/reviews, performing visual and auditory analysis of audit items independently.

Risk Identification and Control Evaluation

• Identify and evaluate complex technology and business risks and internal controls designed to mitigate these risks.
• Assess the discovered non-compliant issues in application design and operating effectiveness of controls in mitigating IT risks.
• Analyse the issue deficiencies, determine the impact, and provide guidance to the remediation.
• Recommend opportunities for internal control improvement based on risk evaluations.
• Where required, do research to support the internal compliance improvement plans for the company.

Audit Reporting and Stakeholder Management

• Provide audit report covering audit findings, root cause and recommendations for improvements.
• Present audit findings to senior stakeholders, both internal and external, clearly and professionally.
• Follow up with project teams to ensure that root causes are addressed and that corrective actions are implemented effectively.

The ideal candidate should possess:

• Minimum 5 years of ICT experience, preferably with a few years in ICT audit and/or Risk Assessment.
• Relevant IT audit certifications such as CISA, CISM, CISSP, CRISC, and/or ISMS Lead.
• Good understanding of SOC 1 and SOC 2, COSO, COBIT, ISO/IEC 27000, CIS or equivalent standards.
• Experience in requesting and inspecting application and IT systems artefacts during audits/reviews.
• Ability to work independently in field audits, performing visual and auditory analysis of audit items.
• Experience in audit field work including IM8 audit (for Applications).
• Strong understanding of complex business and IT processes, and their related risks.
• Must have knowledge on application development and design, network, IT operation processes and cybersecurity.
• Prior experience in project management, application development, and cloud application development throughout the project lifecycle, including both traditional SDLC and Agile methodologies, or in infrastructure implementation and operations.
• Comprehensive knowledge of application development, design, network, IT operations processes, and cybersecurity.
• Self-motivated and proactive attributes, with the ability to deliver quality and thorough audit work, with an eye for detail.
• Keen attention to detail and patience in producing reports and documentation.
• Good written and verbal communication and presentation skills.
• Degree in IT, Computer Science or any other related field.
• Experience working in Big Four audit firm, handling IT audits (has an added advantage).