Job Objective :
Responsible for entire audit lifecycle areas such as audit planning, preparation of Risk Control Matrix (RCM), testing controls, audit and issue rating, Control Effectiveness Scoring (CES), report issuance and tracking closures. Tested for IT processes such as Change Management, User Access Management (UAM), Process Control Review, System Security Controls, IT General Controls, Backup and Disaster Recovery management.
Job Role :
- To conduct and report various Technology, Regulatory, Information Security and Third Party audits. In accordance with Regulator guidelines/ Internal Auditing Guidelines / International Standards focusing on Information Technology General Controls.
- Participate in the annual audit plan preparation and to assist in conducting audit risk assessments and periodic reporting to management and Head Office.
- Continuous Monitoring with the various stakeholders to identify the weakness in controls, improvement plans and audit need assessment.
- Conducted audits independently for key technologies to test controls for both Test of Design (ToD) and Operating Effectiveness (ToE).
- Perform special audits on an ad-hoc basis as required by regulators, business and external auditors
- Assist in conducting audit risk assessments and periodic reporting to management and Head Office.
- Report audit findings and make recommendations for the corrective action plan for identified control deficiencies and improvements in ITGC.
- Assist Head of Audit for annual audit planning and audit need assessment.
- Preparing and reviewing draft audit reports, presenting the audit findings to the Head of Audit Function for Information Technology.
- Report audit findings and make recommendations for the corrective action plan for identified control deficiencies and improvements in ITGC
- Ensure timely closures of Finding raised during the audits by reviewing the action plans submitted by the Business Units
- Review and assess deviation requests to the Technology Risk Management Policy.
- Information Security incident handling and management.
- Conduct Information Security Awareness & Subject Training.
- Business Continuity and Disaster Recovery Procedures
Job Skills Needed :
- 12-15 years of experience in Information Security (IS) and Technology Audits (IT), majority in Banking, knowledge of Global standards / IT Audit framework, the ISO/IEC 27001:2005 Information Security requirements
Didn’t find the job appropriate? Report this Job