Plan, execute, and report on audit assignments for both ongoing and completed projects, ensuring alignment with bank policies, regulations, and international standards (including MAS and ISO frameworks).
Assess project management processes for compliance with governance requirements, identifying risks in execution, cost, scope, and schedule.
Review project documentation for completeness, accuracy, and regulatory adherence, including risk assessments at various project phases.
Collaborate with project managers and stakeholders to advise on IT risk management and control design throughout project lifecycles, recommend process improvements and close identified gaps.
Monitor implementation of audit recommendations to ensure corrective actions are effective and timely.
Evaluate effectiveness of application controls in banking platforms, focusing on completeness, accuracy, validity, authorisation, segregation of duties, and reliability of financial data processing.
Review both manual and automated controls, including system documentation, input, processing, output, data transmission, and master file controls.
Test application controls relevant to core banking systems, payments, regulatory reporting, digital channels, and financial products.
Analyse change management across applications, infrastructure, and databases, assessing the impact of releases and upgrades.
Assess design and operational effectiveness of controls across SDLC phases, including requirements gathering, development, testing, deployment, and maintenance.
Audit agile and DevSecOps practices to ensure continuous integration of security, compliance, and control requirements.
Evaluate security controls embedded in DevSecOps pipelines, such as automated code scanning, penetration testing, secure architecture reviews, and compliance validation.
Verify cloud and hybrid environment controls, ensuring alignment with MAS TRM and global regulatory standards.
Conduct risk assessments for new and existing systems, focusing on data integrity, cybersecurity, fraud prevention, and compliance.
Advise on remediation of identified control weaknesses in collaboration with management, technical teams, and external auditors.
Provide recommendations for improving the bank's IT control environment and its application across new industry technologies (e.g. cloud, AI/ML, blockchain).
Engage proactively with IT, risk, compliance, and business teams to facilitate alignment of audit findings with business objectives.
Prepare and present thorough audit reports and risk assessments to senior management and audit committees.
Participate in continuous improvement initiatives for the audit function and deliver training on best practices in project and application auditing.
Job Requirements
Bachelor's degree in information technology, Computer Science, or equivalent.
8-12 years of hands-on IT audit experience, preferably in a regulated banking or financial services setting.
In-depth knowledge of SDLC methodologies (Agile, Waterfall, Hybrid), application controls (including financial reporting systems), SDLC, Agile, and DevSecOps practices.
Hands-on experience with DevSecOps tools and frameworks.
Proficient in project management and risk assessment techniques.
Strong expertise in cybersecurity, cloud risk assessments, data analytics, application controls, IT general controls, and compliance with MAS TRM guidelines.
Excellent understanding of regulatory requirements and international standards (COBIT, NIST, ISO/IEC 27001, MAS TRM).
Superior analytical, communication, and stakeholder management skills.
Experience with data analytics platforms, enterprise security tools, and cloud environments is highly desirable.
CISA, CISSP, PMP, or equivalent professional certifications.
Excellent analytical, communication, and report-writing skills.
Ability to work independently and collaboratively in a multi-disciplinary team.
Strong stakeholder management and influencing skills.
