Internal Auditor for IT

What you'll do:

• Have a deeper understanding of the Company’s Information Technology systems, environment, operations and infrastructure in order to help identify and keep up to date the Information Technology Audit universe.
• Assist in performing risk assessment and identify key risks for covered entities considering relevant strategies, business environment and other relevant factors.
• Help develop the annual Information Technology audit plan considering the key risks identified during the risk assessment, inputs from management, the Audit Committee and 2nd line function (Risk and Compliance).
• Perform risk assessment and come-up with tailored and risk-based audit procedures to achieve audit objectives per Information Technology audit engagement.
• Embed data analytics in the performance of audit procedures, as necessary
• Plan, lead and execute Information Technology audits in accordance with agreed tailored procedures and audit methodology.
• Ensure that the working papers, draft audit reports and other deliverables meet the internal audit standards
• Monitor and track progress of the engagement to ensure completion within the committed timeline.

• Prepare audit reports and lead discussion of issues and remedial action plans with the appropriate levels of management.
• Help facilitate issuance of audit reports to management
• Follow-up outstanding audit issues and validate completion of agreed remedial actions by management
• Help prepare audit committee reports and fulfill other reporting requirements.
• Present result of Information Technology Audit projects to appropriate level of management committee

• Develop rapport with business unit management through regular communication of changes in Information Technology operations, emerging IT risks and potential issues, etc. through Continuous Business Review
• Provide professional advice and insights to management to enable informed management decisions
• Liaise with the control community and other members of the company to contribute to the implementation of an effective and efficient system of internal control
• Coordinate and monitor audits being performed by other assurance providers, external auditors, and regulators.

• Take the initiative in improving self through classroom and on-the-job trainings.
• Proactively contribute to the development of the team through coaching, training and providing timely feedback to junior staff.
• Cascade relevant learning or perform training to share knowledge with the team as part of continuous learning.

• Prepare and/or update relevant Information Technology audit manual and audit templates to ensure compliance with International Standards for the Professional Practice of Internal Auditing
• Take initiative of knowing and understanding relevant regulatory requirements that would impact the Company and consider in the conduct of the Information Technology audits
• Perform special projects and advisory initiatives for key system developments
• Perform other responsibilities and duties periodically assigned by the Information TechnologyAudit Head or the Chief Audit Executive in order to meet operational and/or other requirements.
• Minimum of 8 years of IT audit of other relevant experience (e.g. IT Governance, IT Risk, security management of information security tolls implementation experience)
• With experience from top 4 auditing firms (EY, PwC, Deloitte, KPMG) is an advantage
• Has worked and knowledgeable of manufacturing business process and systems is an advantage.
• With supervisory or managerial working experience for at least 3 years
• With a relevant professional certification such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or equivalent
• Has good understanding of IT risks and controls
• With good audit, risk and/or security experience in platform/infrastructure (network, database, operating systems, etc). information/cybersecurity, mobile security, system development process, business continuity, application security and IT general controls
• Has a good understanding and experience of system development life cyle (SDLC) which may include waterfall or Agile Methodology development process
• Has a good understanding and/or experience of auditing Cloud, Blockchain, Artificial Intelligence, Robotic Process Automation, Machine Learning and the like.
• Experience in applying data analytics in assessing business application control effectiveness
• Knowledge with audit tools is an advantage