Senior Information Technology Audit Manager

**Overall Function**
Group Audit is an independent function within NETS Group. The primary purpose of Group Audit is to provide an independent and objective audit service to NETS Group based on a systematic risk-based approach to ensure key risks in the organization are identified, recommended controls / action plans discussed, agreed and reported to senior management in a timely manner.
Group Audit reports directly to the NETS Group Board on all audit related matters. The Board is assisted by the Audit and Risk Management Committee (ARMC) in fulfilling its oversight responsibilities for the financial reporting, internal control, risk management system, compliance framework and the audit process.
**Key Responsibilities**
- The Senior IT Audit Manager supports the Head of IT Audit in the risk assessment, annual audit planning, execution of risk based audit coverage and continuous risk monitoring.
- Drives the development and enhancement of audit work programs
- Ensure timely completion of audits from planning to report finalization and participates in issue follow-up.
- Supervise and coach team members to ensure that risks are identified and the work is performed in accordance to Group Audit's methodology
- Supports business audit team in providing technology expertise for integrated audits during project reviews.
- Engage stakeholders to evaluate IT projects and key IT initiatives, and the efficiency/effectiveness of SDLC and project management controls.
- The Senior IT Audit Manager may also be called upon to assist in Group Audit initiatives, investigations and projects as needed.
**Audit Planning**
- In Audit Lead capacity, sets the overall audit objective, scope and approach. Prepares the audit planning memorandum.
- Establish risk-based audit work programs to effectively evaluate soundness of the IT process and systems in place, based on industry best practices and regulatory requirements (e.g. MAS Technology Risk Management Guidelines, MAS Cyber Hygiene Notice, MAS Outsourcing Guidelines, CSA Cyber Security Code of Practice etc.)
- Identify possible review areas feasible for the use of data analytic tools for more complete testing.
- Overall responsible to ensure IT process analysis is adequately performed and risk review areas are identified
**Audit Fieldwork**
- Lead and supervise the execution of audit fieldwork to ensure proper evaluation of the design and effectiveness of the key controls and assessment of residual risk.
- Develop and execute audit tests using data analytic tools.
- Monitor the audit progress and review the work performed by team members to ensure that the audit assessments are adequately performed.
- Ensure audit files are adequately documented.
- Guide and coach junior team members.
- Ensure stakeholders are kept informed of the audit progress and issues arising.
**Audit Reporting**
- Discuss and seek Management buy-in on audit issues
- Provide practical recommendations (based on industry best practices, regulatory requirements/expectations) on mitigating actions on the identified risks.
- Responsible to ensure factual accuracy for the identified audit issues
- Ensure management action plans adequately address the identified risks
- Produce quality audit reports
- Ensure audit reports are issued in a timely manner
**Audit Issue Follow-up**
- Ensures audit issue follow-up is adequately and timely performed and documented.
**Requirements**:
- Degree in Computer Science, Information Systems or equivalent, with CISA or CISSP qualification.
- Minimum 10 years of internal and/or external audit experience. Prior experience in financial institutions (FIs) would be highly advantageous.
- Strong practical knowledge of IT and cybersecurity control concepts and auditing techniques.
- Sound understanding of MAS' TRM Notice, TRM Guidelines, Cyber Hygiene Notice as well as CSA' Cyber Security Code of Practice. Knowledge in NIST Cyber Security framework or CIS Controls will be desirable.
- Ability to work independently and in a team environment with strong interpersonal and collaboration skills.
- Ability to seek buy-in from Management and stake-holders.
- Strong analytical and report writing skills.
- Experience with programming language (e.g. Python, SQL), data analytics and visualisation tools (e.g., ACL, IDEA, Tableau) will be an advantage.
- Keen interest in emerging/payment technology and its associated risks.