The Associate IT Audit Manager is responsible for leading and executing IT audits to assess IT Governance and effectiveness of information technology controls in operations across the Group. This role requires a deeper understanding of information technology risk and the ability to translate technical risks into laymen terms for the management. The Associate IT Audit Manager works independently or as part of a team to conduct audits of an organization's IT infrastructure, applications, and systems to ensure compliance with regulatory requirements, industry standards, and best practices.
The Associate IT Audit Manager will:
Assist the Group Chief Audit Officer in developing risk-based IT audit plans that align with organizational objectives and goals.
Ensure that the audit program under the audit cycle stated in the Annual Audit Plan is properly executed to provide reasonable assurance on achievement of overall company objectives. This includes developing audit programs, testing controls, and documenting results.
Plan and conduct rigorous audits of IT systems and processes to identify risks, security issues, and areas for improvement. This includes applications, databases, networks, operating systems, and information security controls.
Perform general and application control reviews of information systems.
Review IT policies, procedures, change and configuration management processes.
Develop recommendations to strengthen controls and improve IT governance.
Assist the audit team in data extraction from ERP systems, data mining and data analytics using excel or audit analytical tools such as ACL/Arbutus for all non-IT audit engagements (adhoc reviews, investigations etc.)
Demonstrate working knowledge of Artificial Intelligence (AI) tools for delivering efficient and effective results in the best interest of the department and the organisation.
Perform IT security audits to assess risks related to cyberthreats, data leakage, unauthorized access, and other information security concerns. Test security controls and make recommendations for improvement.
Demonstrate effective time management skills by ensuring completion of audit engagements within agreed time budgets, keeping the Internal Audit Manager & IT Audit Manager informed of progress for project time extension, if any granted.
Possess the ability to juggle multiple projects at the same time; deliver quality results by meeting deadlines and comfortable working with all multicultural team members.
Ensure working papers prepared are adequate, clear, and relevant evidence is obtained to sufficiently support the audit conclusion in line with IIA methodology.
Deliver audit reports that clearly communicate audit findings, impact, recommendations, and management responses. This includes presenting audit findings to management and other stakeholders, and tracking remediation of issues.
Collaborate with internal team members. Serve as an IT subject matter expert to educate non-technical business partners and stakeholders.
Communicate effectively and professionally with business unit/department management throughout the audit process for developing a mutually effective audit work schedule, conducting audit status meetings, and leading the entrance and exit conferences.
Establish positive and constructive relationships with the Business Units and maintain business knowledge of assigned operating business units.
Remain up to date on emerging IT risks and controls, including modern technologies and best practices. This includes attending training, conferences, and other professional development opportunities.
Assist the leadership team in achieving Department's annual objectives/KPIs.
Perform Ad-hoc assignments as per Group Chief Audit Officer's directions.
Requirements
Qualification:
Graduate or Postgraduate in IT, from a recognized institution.
CISA qualified.
Experience:
Minimum 10 years of experience in an IT Audit function of a similar multidivisional group or an MNC.
Trained with Big Four Audit/Consulting Firms.
Proficiency in utilizing Data Analytics and Business Intelligence tools and the ability to fully leverage their capabilities.
Working experience of IT Governance and IT Infrastructure.
Working knowledge of well reputed ERPs similar to Oracle.
Working knowledge of the IPPF standards, ISO 27000 series and COBIT.
Desirable:
Working knowledge and proficiency in developing Power BIs;
CA, CIA, CRISC, CISM, CGEIT, CISSP.
Skills:
Understanding of multiple technology domains including software development, Windows, database management, networking.
Understanding of information security standards, best practices for securing computing systems, and applicable laws and regulations.
Strong communication and report writing skills. Must communicate clearly. Must possess advanced stage business report writing skills and be able to speak eloquently. Tactful when delivering the facts to the audience in person or via other modes of communication.
Attention to detail and ability to focus.
Critical and skeptical thinking to identify gaps and apply logic to determine the root cause of the issue.
Problem solving - Must enjoy solving problems. Carry out root cause analysis. Takes on challenges and finds creative, innovative solutions.
Self-motivated and self-managed individual with the ability to work effectively in a multicultural team.
Strong collaborator - Must be able to work independently, with limited direction and guidance, but equally enjoys collaborating across dynamic and multicultural teams and is personable, helpful, and organized.
Proactive in prioritizing workload without waiting for specific instructions to perform duties.
Flexibility to travel - Flexible to undertake business travel as per business needs.
Confidentiality - Protect the confidentiality of company data at all times.