IT Audit Manager

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain. 

 

The Group operates Singapore's national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

Position Summary

Group Audit is an independent function within NETS Group that provides an objective assurance and risk advisory role. The primary purpose of the role is to provide an independent and objective audit service to NETS Group based on a systematic risk-based approach to ensure key risks in the organization are identified, recommended controls / action plans discussed, agreed and reported to senior management in a timely manner.

Group Audit reports directly to the NETS Group Board on all audit related matters. The Board is assisted by the Audit and Risk Management Committee (ARMC) in fulfilling its oversight responsibilities for the financial reporting, internal control, risk management system, compliance framework and the audit process.

Key Responsibilities

• Leads and conducts IT and cybersecurity audits on technology platforms (enterprise applications, operating, database systems, network infrastructure), IT and cybersecurity operations, project reviews, as well as participates in integrated audits.
• Conducts the audit from planning to report finalization and participates in issue follow-up.
• Ensure timely completion of audits from planning to report finalization.
• Ensure that risks are identified and the work is performed in accordance to Group Audit's methodology.
• Supports the development and enhancement of audit work programs.
• Supports business audit team in providing technology expertise for integrated audits during project reviews.
• The IT Audit Manager may be called upon to assume an advisory role to stakeholders as required to support enterprise IT projects and initiatives
• The IT Audit Manager may also be called upon to assist in Group Audit initiatives, investigations and projects as needed.

Audit Planning

• In Audit Lead capacity, support the Head of IT Audit and/or Senior IT Audit Manager to set the overall audit objective, scope and approach. Prepares the audit planning memorandum.
• Establish risk-based audit work programs to effectively evaluate soundness of the IT process and systems in place, based on industry best practices and regulatory requirements (e.g. MAS Technology Risk Management Guidelines, MAS Cyber Hygiene Notice, MAS Outsourcing Guidelines, CSA Cyber Security Code of Practice etc.)
• Identify and evaluate feasibility of applying data analytic tests on audit data
• Participates in IT process analysis, and ensure that it is adequately performed and risk review areas are identified

Audit Fieldwork

• Lead and supervise the execution of audit fieldwork to ensure proper evaluation of the design and effectiveness of the key controls and assessment of residual risk.
• Develop and execute audit tests using data analytic tools.
• Monitor the audit progress to ensure that the audit assessments are adequately performed.
• Ensure audit files are adequately documented.
• Coach junior team members to ensure that control test objectives are adequately performed.
• Ensure stakeholders are kept informed of the audit progress and issues arising.
• Project manage audits to ensure that audits can be completed within budget.

Audit Reporting

• Discuss and seek Management buy-in on audit issues
• Provide practical recommendations (based on industry best practices, regulatory requirements/expectations) on mitigating actions on the identified risks.
• Responsible to ensure factual accuracy for the identified audit issues
• Ensure management action plans adequately address the identified risks
• Produce well-written audit issues
• Supports the issuance of audit reports in a timely manner

Audit Issue Follow-up

• Ensures audit issue follow-up is adequately and timely performed and documented. 

Requirements

• Degree in Computer Science, Information Systems or equivalent, with relevant professional qualifications (e.g. CISA, CISSP, CISM, CCSP)
• Minimum 6 years of internal and/or external audit experience. Prior experience in financial institutions (FIs) would be highly advantageous
• Sound practical knowledge of IT and cybersecurity control concepts and auditing techniques.
• Good understanding of MAS' TRM Notice, TRM Guidelines, Cyber Hygiene Notice as well as CSA' Cyber Security Code of Practice. Knowledge in NIST Cyber Security framework or CIS Controls will be desirable.
• Prior experience with technical expertise in an operational role within IT/Cyber Security or IT Risk/Governance will be highly advantageous (e.g. Network/System administrator, Cloud security engineer, DevSecOps engineer etc.)
• Ability to work independently and in a team environment with strong interpersonal and collaboration skills.
• Ability to seek buy-in from Management and stake-holders.
• Strong analytical and report writing skills.
• Experience with programming language (e.g. Python, SQL), data analytics and visualisation tools (e.g., Power BI, ACL, Tableau) will be an advantage.
• Keen interest in emerging/payment technology and its associated risks.

Network for Electronic Transfers (Singapore) Pte Ltd.