IT Auditor

About the Job:

To plan, perform, and report IT audits that evaluate the effectiveness of internal IT controls, identify risks, and ensure compliance with internal policies and external regulations. This includes coordinating with internal and external stakeholders to enhance IT security and minimize risks while improving overall operational efficiency.

What you will do:

1. Develop IT audit programs, create audit checklists, and perform IT audits on various IT systems and platforms.
2. Execute efficient and effective IT audit procedures, ensuring compliance with audit standards and methodologies.
3. Establish IT audit plans based on identified risks, ensuring that high-risk areas are regularly reviewed.
4. Review, evaluate, and test IT controls to determine the exposure to risks and provide strategies for improvement.
5. Provide recommendations and guidelines on identified IT security risks and control weaknesses.
6. Prepare and coordinate audit review reports and test results for internal and external stakeholders.
7. Follow up on audit findings (internal and external) to ensure timely implementation of corrective actions.
8. Monitor the execution of remediation plans based on audit findings to ensure compliance and improvement.
9. Assist in managing internal and external audits and support the IT Compliance and IT Security teams in improving processes.
10. Ensure compliance with regulations such as PCI DSS v4.0, ISO 27001:2022, and Bank Indonesia standards.

What we are looking for:

1. Bachelor’s degree in Information Technology, Computer Information Systems, or a related field.
2. Minimum 3 years of experience as an internal or external IT auditor.
3. One or more professional certifications such as Lead Auditor, CISA (Certified Information Systems Auditor), CIRSC, CEH (Certified Ethical Hacker), or CISSP (Certified Information Systems Security Professional).
4. Proficient in IT audit methodologies, risk-based auditing, and internal control frameworks.
5. Strong knowledge of PCI DSS v4.0, ISO 27001:2022, and Bank Indonesia regulations.
6. Experience in auditing network security, IT infrastructure, and various IT platforms, operating systems, and applications.
7. Familiarity with IT Application Control Reviews, Data Analysis, and SDLC (Software Development Life Cycle) processes.
8. Strong understanding of IT risk management and cybersecurity.
9. Knowledge of IT audit tools and methodologies to assess control effectiveness.
10. Strong analytical and problem-solving skills.
11. Excellent communication skills, both written and verbal.
12. High initiative and the ability to work effectively in a team environment.
13. Strong attention to detail and the ability to work under pressure.
14. Ethical conduct and strong interpersonal skills.
15. Awareness of current cybersecurity trends and vulnerabilities.
16. Ability to translate technical requirements into actionable audit steps.