Senior Manager, Application Risk, Compliance & Audit

Responsible to manage and lead the compliance, governance, risk management and audit activities related to GASC department encompassing multiple applications within Group Application such as SAP (ECC, BI/BPC, SolMan, ARIBA, CONCUR), Global Lease Management System (GLMS), HRIT (Workday), Investment IT and etc.

• Responsible as the Risk Champion, Data Privacy Champion and ICFR champion for all related matters relating to GASC.
• Areas of oversight on GASC include but not limited to Information Technology General Controls (ITGC), Business Continuity Management (BCM), Third Party Security Assessment (TPSA), training and education.
• Responsible as the Application Portfolio Management (APM) for all related matters to Group Application.
• Coordinate and complete Financial Control Self-Assessment (FSCA) as per Group requirements, audits (both internal and external) and Local Business Unit (LBU) due diligence processes.
• Ensuring team adheres and completes required activities on a timely basis (e.g. Recertification, Disaster Recovery). Governance and advisory on process related.
• Work with various teams to ensure controls are adequate, appropriate and effective.
• Perform periodic gap assessments / reviews and execution to ensure compliance on an ongoing basis.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
• Manage BAU activities as per defined in accordance to GASC operational policy (i.e. Complexity Matrix, Guidance Notes).
• Team leadership, coordination and administration for the team assigned.
• Participate in project arrangements and activities.
• May require short term travel, standby and shift arrangements.

• Internal: Liaises with stakeholders (e.g. Group Risk, Group Information Security, Group Internal Audit, across GASC team, Group & Local BU’s Risk & Compliance team’s) on matters pertaining to audit, standards, policies and controls.
• Attend to audit queries from Group Internal Audit and LBU Internal Audit ensuring all enquiries and evidence are provided within agreed timeline.
• External: Attend to external audit queries ensuring all enquiries and evidence are provided within agreed timeline.

• Bachelor’s Degree in Information Systems / System Audit or equivalent is required.

• At least 10 years of relevant experience in regional solution / system support, Governance, Audit or IT Risk Management.
• Relevant Center of Excellence (COE) experience especially in the area of audit & controls. Knowledge in SAP application is an added advantage.
• Having experience in managing and leading a team of specialist in Projects or Support Environment.

• ISACA (e.g. CRISC, CGEIT, CISA) or relevant certification is an added advantage.