IT Audit Manager

Job Description

1. Strategic Leadership and Planning

a) Assist the Head of Internal Audit in leading, planning, and directing the development and implementation of strategies, policies, and procedures related to the IT audit function.

b) Establish processes and procedures for identifying risks across the organization, formulating the Annual IT Audit Plan, setting KPIs, monitoring quality assessments, and managing staff training for the department.

c) Ensure alignment of the IT audit function with the overall organizational objectives and regulatory requirements.

2. Audit Planning and Development

a) Plan, design, and develop system operation process flows and audit work programs to ensure comprehensive audit scope and coverage.

b) Lead the IT audit team in conducting audit entrance meetings, fieldwork, discussion of audit findings, exit meetings, and monitoring of agreed corrective actions.

c) Conduct follow-ups with audit clients to ensure timely closure of audit issues, providing supporting evidence for submission to management and the Audit Risk and Integrity Committee (ARIC).

3. Audit Execution and Review

a) Review and advise on audit work programs, providing clear guidance and detailed supervision of the audit team's work to ensure comprehensive coverage and adherence to audit standards.

b) Review emerging risks and trends in the IT environment, assess their impact, and propose mitigation plans to reduce risks.

c) Communicate audit observations and recommendations with management and obtain and monitor effective remedial action plans.

d) Ensure audit documentation, such as reports, data analysis, findings, and recommendations, are supported with proper evidence.

e) Develop incident response strategies and ensure readiness to handle cybersecurity incidents effectively.

f) Utilize data analytics and technology-driven audit approaches to identify key risk areas and enhance audit efficiency.

4. Team Management and Development

a) Monitor, supervise, and coach subordinates in internal audit methodologies and approaches.

b) Provide mentorship and development opportunities to the IT audit team, fostering a culture of continuous improvement, professional growth, and knowledge sharing.

c) Ensure that team members are well-versed in emerging IT risks, cybersecurity frameworks, and relevant audit tools.

d) Promote a collaborative environment to encourage the exchange of ideas and best practices among the audit team.

5. Special Projects & Ad-Hoc Audits

a) Carry out ad-hoc or special audits as requested by the Audit Committee or management, based on direction from the Head of Department.

b) Provide support for special investigations involving IT systems or cybersecurity incidents to assist in identifying root causes and recommending corrective actions.

Skills

1.Technical Skills:

a)Strong knowledge of IIA Standards, COSO, IT Governance, Enterprise Risk Management, and Quality Assessment.

b)Membership in relevant professional bodies such as MIA, IIAM, CISA, or ACCA.

c)In-depth knowledge of business operations and processes in finance, banking, or statutory body industries.

d)Proficiency in data analytics, audit software, IT frameworks, and specialist skills in threat assessment and mitigation strategies to effectively plan and execute audits.

e)Good understanding of cybersecurity frameworks, cloud computing, emerging technologies, and their risks, including expertise in cloud security, AI, blockchain, IoT, and threat intelligence to identify and mitigate potential threats effectively.

f)Experience with risk management tools and knowledge of GRC (Governance, Risk, and Compliance) platforms.

g)Expertise in incident response planning, including developing and implementing response strategies for cybersecurity threats.

h)Proficiency in identifying, analyzing, and addressing emerging IT threats and vulnerabilities.

2.Communication Skills:

a)Strong communication skills, including report writing and articulating audit findings clearly to all levels of management.

b)Ability to translate technical findings into actionable business recommendations for non-technical stakeholders.

c)Capable of presenting complex audit findings to executive leadership in an understandable manner.

Qualifications & Experience

1. Degree in Computer Science, Information Technology, Management Information System, Cyber Security, or any other related field.

2. Minimum of 7 years in internal audit, including at least 3 years in a managerial position.

Attributes

1. Meticulous, detail oriented and analytical.

2. Assertive, independent and result-oriented.

3. A team player with strong leadership, negotiation skills and relationship management capability.