Plan, execute, and report on audit assignments for both ongoing and completed projects, ensuring alignment with bank policies, regulations, and international standards (including MAS and ISO frameworks).
Assess project management processes for compliance with governance requirements, identifying risks in execution, cost, scope, and schedule.
Review project documentation for completeness, accuracy, and regulatory adherence, including risk assessments at various project phases.
Collaborate with project managers and stakeholders to advise on IT risk management and control design throughout project lifecycles, recommend process improvements, and verify that identified gaps are closed.
Monitor implementation of audit recommendations to ensure corrective actions are effective and timely.
Integrated and Application Controls Audit:
Evaluate effectiveness of application controls in banking platforms, focusing on completeness, accuracy, validity, authorisation, segregation of duties, and reliability of financial data processing.
Review both manual and automated controls, including system documentation, input, processing, output, data transmission, and master file controls.
Test application controls relevant to core banking systems, payments, regulatory reporting, digital channels, and financial products.
Analyse change management across applications, infrastructure, and databases, assessing the impact of releases and upgrades.
System Development Lifecycle (SDLC) & DevSecOps/Agile Audits:
Assess design and operational effectiveness of controls across SDLC phases, including requirements gathering, development, testing, deployment, and maintenance.
Audit agile and DevSecOps practices to ensure continuous integration of security, compliance, and control requirements.
Evaluate security controls embedded in DevSecOps pipelines, such as automated code scanning, penetration testing, secure architecture reviews, and compliance validation.
Verify cloud and hybrid environment controls, ensuring alignment with MAS TRM and global regulatory standards.
IT General Controls & Risk Management:
Conduct risk assessments for new and existing systems, focusing on data integrity, cybersecurity, fraud prevention, and compliance.
Advise on remediation of identified control weaknesses in collaboration with management, technical teams, and external auditors.
Provide recommendations for improving the bank's IT control environment and its application across new industry technologies (e.g. cloud, AI/ML, blockchain).
Stakeholder Engagement & Reporting:
Engage proactively with IT, risk, compliance, and business teams to facilitate alignment of audit findings with business objectives.
Prepare and present thorough audit reports and risk assessments to senior management and audit committees.
Participate in continuous improvement initiatives for the audit function and deliver training on best practices in project and application auditing.
Continuous Improvement:
Stay abreast of emerging technologies, regulatory requirements, and industry best practices.
Contribute to the enhancement of audit methodologies, tools, and frameworks.
Requirements
Education & Experience:
Bachelor's degree in Information Technology, Computer Science, or equivalent.
8-12 years of hands-on IT audit experience, preferably in a regulated banking or financial services setting.
In-depth knowledge of SDLC methodologies (Agile, Waterfall, Hybrid), DevSecOps practices, and application controls (including those in financial reporting systems).
Hands-on experience with DevSecOps tools and frameworks.
Proficient in project management and risk assessment techniques.
Strong expertise in cybersecurity, cloud risk assessments, data analytics, application controls, IT general controls, and compliance with MAS TRM guidelines.
Excellent understanding of regulatory requirements and international standards (COBIT, NIST, ISO/IEC 27001, MAS TRM).
Superior analytical, communication, and stakeholder management skills.
Experience with data analytics platforms, enterprise security tools, and cloud environments is highly desirable.
Additional Relevant Duties from Industry Best Practices:
Participate in or observe key testing events (e.g. BCP/DR exercises) and critical system implementations.
Support ad-hoc investigations and management requests in relation to IT risk incidents, regulatory inquiries, or forensic analysis.
Lead audit programme development and the documentation of findings in support of continuous improvement in audit maturity.
Drive adoption and standardisation of best practices in IT risk management and audit across the region.
Banking Knowledge:
Familiarity with corporate and commercial banking products, processes, and regulatory requirements.
Certifications (Preferred):
CISA, CISSP, PMP, or equivalent professional certifications.
Core Competencies:
Excellent analytical, communication, and report-writing skills.
Ability to work independently and collaboratively in a multi-disciplinary team.
Strong stakeholder management and influencing skills.