Assistant Vice President Technology Audit

Role Purpose: Lead and execute complex technology internal audit assignments and investigations, covering : Information Technology, Telecommunication Network and Data/AI Governance, ensuring all work is performed with due professional care and in full compliance with applicable Internal Audit standards. The role also provides significant input into the development of the Annual Internal Audit Plan and plays a key role in audit follow-up activities to ensure effective remediation by management. As IOH accelerates its transformation into a digital-first telco—leveraging 5G, AI, and large-scale data ecosystems—this role is also required to utilize advanced data science and analytics to enable real-time risk monitoring, audit complex AI algorithms, and provide assurance that IOH’s digital transformation is built on a strong foundation of trust, security, and compliance with Indonesia’s evolving regulatory requirements.

Audit Planning:

• Obtain preliminary data, document & information from auditee and understanding of strategy, objective, key initiative, business process of the auditable area/process.
• Identify & understanding of applicable laws, regulations, and internal policies.
• Perform risk assessment on the auditable area, by considering inherent risk and other risks (e.g. compliance, fraud, technology, AI).
• Identify opportunities to use data analytic, AI or continuous auditing.
• Formulate Risk Control Matrix (RCM) and audit procedure.
• Conduct the Entrance Meeting with auditee.
• Complete the Audit Assignment Planning program and procedures in TeamMate EWP.

Audit Fieldwork & Reporting:

• Perform audit fieldwork activities—including testing, observation, analytical review, and interviews—in accordance with the Risk Control Matrix (RCM), approved audit procedures, audit scope, and audit period, by leveraging advanced data analytics and AI tools.
• Perform penetration testing or other appropriate technical assessments to identify system vulnerabilities and security weaknesses.
• Document audit fieldwork results and supporting evidence in audit working papers and the Teammate EWP system in a complete, accurate, and timely manner.
• Document identified control weaknesses in the audit report, clearly outlining the audit criteria, root cause, detailed observations, impact, and practical recommendations.
• Communicate identified control weaknesses with auditee management, and obtain formal management responses, agreed action plans, and target completion dates for each recommendation.
• Conduct Exit Meeting with auditee management to present audit results, confirm understanding, and align on agreed remediation actions.

Follow-Up Audit:

• Check the status of agreed action plans that have been due/ and implemented in TeamCentral.
• Follow up to auditees and validate management actions toward agreed action plans, including assess whether the action plans have been fully/partially or not been implemented or no longer relevant.
• Prepare Follow-Up Audit Working Papers and obtain approval from VP Head of Technology Audit and CIAO.
• Update the status of agreed action plans in TeamMate EWP.

Artificial Intelligence & Continuous Auditing:

• Identify audit areas suitable for AI & continuous auditing, and allign with the IA Strategy and Annual Audit Plan.
• Identify key data sources (applications, databases, logs, third-party systems). Assess data quality, completeness, accuracy, and timeliness.
• Define key risk indicators (KRIs) and continuous audit rules.
• Develop rule-based analytics (e.g., threshold, exception, pattern analysis).
• Design and test AI / ML models for anomaly detection, fraud detection, or predictive risk.
• Establish automation for continuous execution and dashboard for red flag/alert monitoring.
• Continuously enhance models based on lessons learned.

Qualification:

• Bachelor’s or Master’s degree in Information Technology, Information Systems, Computer Science, or Data Science.
• Preferably holds one or more professional certifications in IT and/or networking, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), IT Infrastructure Library (ITIL), or Certified Information Systems Security Professional (CISSP). Cloud certifications (e.g., Google Cloud Platform, AWS, or Azure Certified Solutions Architect) are considered an advantage.
• Fluency in English and Bahasa Indonesia is essential for effective communication with auditees and global stakeholders.

Related Experience:

• Minimum of 10 years’ professional experience in IT Audit and Governance, Data Risk, or Cybersecurity. Experience in a Big 4 firm followed by an in-house role within a high-growth technology, telecommunications, or banking organization is highly preferred.
• Strong experience in Computer Assisted Audit Techniques (CAATs), advanced data querying using Python and/or SQL, and data mining techniques.
• Hands-on experience in auditing cloud environments, such as Google Cloud Platform (GCP), AWS, Azure, and containerized platforms including Kubernetes.
• Experience in auditing telecommunications systems, including rating, charging, provisioning, and billing platforms.
• Experience in auditing telecommunications network domains, including Radio Access Network (RAN), transport, and core network.
• Experience with Robotic Process Automation (RPA), Extract–Transform–Load (ETL) processes, and AI / Machine Learning tools.
• Strong knowledge of telecommunications industry best practices, policies, procedures, regulatory requirements, and applicable laws.

Skills:

• Control Objectives for Information and Related Technology (COBIT) from Information Systems Audit and Control Association (ISACA).
• Enhanced Telecommunication Map (eTOM) Business Process Framework from Telecommunication Management (TM) Forum.
• Advance Data Analytic, Automation, AI and Machine Learning.
• Effective communication and interpersonal skills, including report writing and presentation skills for presenting findings and recommendations for improvement.
• Fluent verbal and written communication in English.
• Fast Learner & Team orientation.

Location: ID

Level: Managerial

Employment Status: Permanent

Department: Office of Chief Internal Audit

Email Group Legal & Corporate
corporate.secretary@ioh.co.id
Email Investor Communication:
investor@ioh.co.id