Senior IT Audit

Responsibilities and duties

• Provide Business and IT management with guidance on IT risk management matters, particularly on application and infrastructure security. 
• Responsible for developing and maintaining the IT Risk Assessment at the Corporate Level under the oversight of the Corporate management; including identifying areas where business units should consider additional investment and areas internal audit should focus.
• Conduct audits or lead audit teams in performance of IT audits and reviews of systems, applications and IT processes. Prepare and report results to executives and Audit Committees.

These include

• Perform pre and post- implementation reviews of system implementations or enhancements.
• IT security and application audits (e.g. network, operating system, data center, SAP, Retail system), including evaluating if security vulnerabilities are properly identified and mitigated. Coordinate the scope and performance of these reviews with business units and external security experts. 
• Evaluate information general computing controls and provide value added feedback. Test compliance with those controls. Coordinate with compliance or legal teams as applicable. 
• Perform various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate. 
• Develop, build & implement tools to analyze data to improve audit efficiency and effectiveness, (including for risk assessments). Ultimately be a source for analytics that business units adopt to provide business insights or for continuous auditing. 
• Conduct audits or lead audit teams in operational / financial audits.

 Qualifications 

• Bachelor or Master Degree in Management Information System, Information Technology, Computer Science, or related field with strong academic record.
• Minimum 2 years of working experiences in IT Audit or Security control in IT auditing, or other related experiences (e.g. Information Security, IT Risk and Control, IT Quality Control), preferably in Retail, Banking or Financial service industry.
• Proactive and able to work independently with strong interpersonal and communication skill.
• Good documentation skills, organized, methodical and detail-oriented.
• CISA, CISSP, CISM or other technical certifications is a plus.