Assistant Director, IT Audit

In this role, you will lead the Line 3 audit coverage for IT applications team to oversee enterprise systems and processes, such as Finance SAP, supporting public healthcare institutions and shared services. In-scope workflows include finance, payments, logistics, procurement, HR, payroll, IT and Third-Party Services. You will also serve as the technical domain lead to drive the coverage of audit universe for IT third‑party services, data management & security, business applications, transformations, and advisories. As the IT anchor for selected healthcare entities and clusters, you will manage IT audit requirements and update the assigned Audit Board Committees and manage the audit coverage for operational processes in some of these legal entities. Below are some examples:

• Application controls (input controls, output controls, application configurations; processing logic and interface controls).

• - Assess adequacy of accuracy, completeness and availability of data

• - Review access controls including SAP Authorisation across finance processes for GL, AR, AP, etc.

• Using Data Analytics to identify improvements in application design / system transaction flows, or improvement in business processes.

• Review IT operational controls (e.g. change controls, computer operations, monitoring controls, etc.).

• Participate in System Development Life Cycle (SDLC) review to provide advice on security and control features during the development stage including pre‑implementation and post‑implementation controls.

• To review the system availability for operations in the different lines of businesses.

• To present and communicate with the Audit Committee and Senior Management of the MOHH group of entities on the IT audit findings.

• To present and articulate the IT, Operations and cyber security observations to senior management.

• Ensures staff compliance with Audit Procedures when reviewing/approving audit plans, working papers, audit reports and other ad hoc assignments submitted by staff.

• Managing resources and projects to meet the internal audit plan established and delivery of quality outputs.

• Drive IT audits, advisory and investigation work on the stakeholders.

• Prepare and present insightful findings to Management and Audit Committee, and perform any other duties as assigned.

• Deliver high quality and efficient audit and advisory services.

• Coach and develop people by sharing knowledge with team members and helping team members attain experiences that cultivate technical competencies.

• Manage IT auditors’ performance, oversee IT training and development and ensure appropriate resources of IT capabilities.

• Establishing and maintaining key business relationships with internal firm leadership and the firm's external auditors resulting in maximum effectiveness.

• Plan, perform and lead audits of complex system and/or operations or perform components of such audits.
  

• Degree in Computing or Accountancy

• CIA/CISA/CRISC/CISM/CISSP/PMP/Agile certifications are added advantage.

• Practical knowledge of Microsoft technologies, open source (e.g. Linux), SAP HANA, OBIEE, SQL, RPA (e.g. UI Path), Oracle, cloud hosting, behavioural analytics, datacentre operations or SaaS (Software as a Service) will be beneficial.

• Understanding of any operation procedures (Finance, transaction processing, procurement, etc) and the corresponding risks & controls; To formulate audit coverage and provide integrated assurance.

• Good understanding of the audit methodology and the security defence measures put in place.

• Strong understanding and risk and controls, ability to articulate issues, and provide board & management reporting.

• Strong understanding of complex business and IT processes, and their related risks.

• Staff and audit project management experience is preferred.

• Proven experience in delivering internal audit and advisory engagements.

• Able to evaluate IT internal controls and identify opportunities for controls improvement.

• Able to identify other areas of business initiatives and changes in the business environment and assess their impact on the business control environment.

• Resourceful and possess good interpersonal and communication skills as well as good leadership qualities.

• Able to work independently and as an effective team player.

• At least 7 years of IT external or internal audit working experience to audit the application systems with big 4 Accounting firms or large conglomerates.

• Years of IT security implementation experience either from in‑house capability; a Service Integrator (SI) environment or from a consulting firm are also welcome.