(AGC) Senior Internal Audit (IT)

(Not Require certificate anymore but candidate is willing to certify once on-board)

Key Responsibilities:

• Carry out Information system audit, prepare an audit report, give impactful recommendations, and monitor / follow up the committed action plan.
• Identify key technology and data risks at the local level for each entity considering the relevant strategies and business environment.
• Preparation/Support the development of the annual audit plan considering the key risks identified.
• Plan, lead and execute audits and evaluate the adequacy of risk management and control for technology and cyber related risks according to established schedule and quality requirements.
• Provide consulting service for new product/ system development and process enhancement without compromising independence.
• Plan and allocate resources to effectively accomplish the work to meet productivity and quality goals as well as adjust the IT audit plans based on the changing IT controls, risk posture, and/or business priority.
• Draft audit reports and lead discussion of issues and remedial action plans with the appropriate levels of management. Facilitate issuance of audit reports to management. Lead the team to follow-up outstanding audit issues and monitor timely completion of agreed remedial actions by management.
• Stay up to date with related regulatory requirement, guideline, and best practices.
• Discuss and share viewpoint of risk and concern, report the audit results with Parent company.

Qualification:

• Minimal 3 years of experience in technology audit with people management skills
• Bachelor or Master degree in IT, Computer Science, MIS or related fields.
• Must have at least 1 certification which relevant professional certifications or industry accreditations (CISSP, CISM, CISA, ISO 27001 Lead auditor etc.).
• Proven experience auditing IT aspects, including governance, risk management, system, and cybersecurity, preferably gained within financial services, payment institutions or from regulators.
• Experience auditing or working in the First or Second Line of Defense IT, information security and operational risk functions, or experience with payments and international transactions would be advantageous.
• Ability to apply the related IT standard and good practice e.g COBIT, ITIL, ISO27001, PCI/DSS, Cyber Security to audit work.
• Able to work effectively in a fast-changing business environment and manage shifts in priorities.
• Knowledge in Digital Blockchain & Digital Asset would be a plus.
• Able to work under pressure and independence.