Senior Manager, IT Audit

Add expected salary to your profile for insights.

To lead in conducting audit on Bank’s Information System and any ad-hoc assignments including investigations as directed by the Group Chief Internal Auditor (GCIA) or Section Head. To follow-up on outstanding audit issues until their resolution.

To assist the Head of IS Audit for leading and managing all IT audit and related activities including investigation of Bank Islam and subsidiaries’ information system.

Responsibilities:

General

1. To assist Section Head to develop an Annual Audit Plan (AP) before the start of the financial year, identifying the audit universe, specifying the auditable areas (split into mandatory and non-mandatory), resources required and duration.
2. To assist Section Head to review, develop and maintain Audit Work Programs, and supervising/managing audit teams related to identified auditable areas that include but not limited to technology risk and cyber resilience covering the governance and IT operations functions that cover the existing Banking and/or future CDX and other digital/ virtual Banking operations.
3. To assist Section Head to provide the Group Chief Internal Auditor (GCIA) quarterly assessment on the Risk Universe.
4. Other alternate roles as assigned by Section Head subject to approval by GCIA.

Team Leader – Technical IT Audit

1. To lead audit assignment and/or assist team leader in preparation of pre-audit activities, such as the audit letter, Audit Planning Memorandum, Time Work Sheet, Cost Sheet for audit areas identified. Audit program should demonstrate understanding of business environment, define the overall audit objectives, perform risk assessment (i.e. identify risk and exposure, calculate the impact and likelihood of the risk and outline suitable cost-effective control) and match risk to resources.
2. Lead, supervise and/or assist team leader to conduct audits and review team members’ audit work.
3. Obtain and file adequate audit evidence. Obtain third party confirmation if necessary. Evidence must be sufficient, reliable, relevant and useful.
4. Document audit observations, either through audit findings or improvement recommendations (MFV), clearly identifying the criteria, condition, cause, risk (clearly state high, medium or not applicable), recommendation, and obtain management comments, if necessary.
5. To discuss audit findings with team leader/Section Head on the audit findings.
6. Discuss and determine Audit Risk Rating with the team leader/Section Head for the audited entity.
7. Ensure proper and adequate audit working papers are kept and submitted to team leader/Section Head once finished for filing purpose.
8. Prepare, amend and finalize on audit findings and/or assist team leader in finalizing audit report, presentation slides and Management Letter for Section Head review and for GCIA’s approval.
9. Review audit responses. Monitor, track and follow-up on any audit findings that had been issued until full resolution. Propose closure of audit report to the Section Head upon resolution of all issued findings.
10. Ensure professionalism, objectivity, integrity and ethics are maintained at all times.
11. Attend internal/external training as volunteered or nominated by the Section Head and conduct debriefing to the internal Audit staff within 30 days.
12. Ensure adherence and compliance to all internal policies/guidelines and external regulatory requirement from time to time.
13. Any other duties/assignment as and when directed/assigned by the superior from time to time/as per business requirement from time to time.

Team Leader – Investigation (IT)

1. To conduct investigation on cases assigned by GCIA/Section Head and prepare investigation report upon completion of the investigation.
2. To assist other party (divisions/departments/branches etc.) in the investigations related to IT, where necessary.
3. To escalate & follow-up process improvement/recommendation(s), i.e., tracking the progress of the recommendation(s) on action to be taken by other units/departments.
4. To maintain register on status of investigation report’s recommendations and provide status update to GCIA/Section Head until it is closed.

Requirements:

1. Degree in IT or any equivalent degree.
2. Hands-on experience in cloud computing/technology, ideally someone who also holds relevant certifications like CISA, CCSK, CCAK, or CCSP.
3. Strong hands-on experience in cloud computing/technologies, particularly AWS, Azure, or GCP environments.
4. Prior involvement in auditing or assessing cloud solutions, cloud migration, cloud controls, and compliance with frameworks such as RMiT, NIST, ISO 27017/27018, or CIS benchmarks.
5. Relevant professional certifications: CISA (preferably), and/or CCSK, CCAK, CCSP.
6. A background in IT Audit, Cybersecurity, or Cloud Risk/Compliance would be ideal.
7. Strong understanding of cloud governance, shared responsibility models, and related security practices.
8. Preferably with internal audit or assurance experience in financial institutions or regulated environments.