Manager - IT Audit (Risk & Compliance)

The role reports to the Section Head, IT Audit, and is responsible for planning and executing IT audits for the Great Eastern Group of Companies. You will assist the Singapore Chief Internal Auditor, Group Internal Audit, in providing independent and objective assurance to improve the Group’s IT control environment.

1. Participate or lead in the planning and execution of audit assignments to ensure quality and timeliness of reports and deliverables.
2. Develop risk-based audit plans and testing programs.
3. Ensure coverage of relevant regulatory requirements and recommend improvements to corporate policies, procedures, and practices to enhance IT control design and enforcement.
4. Support business audits through integrated or thematic audits by providing technology expertise and evaluating IT controls supporting business operations.
5. Manage or participate in ad-hoc assignments, including special projects and investigations.
6. Contribute to continuous monitoring of technology risk areas and establish strong relationships with technology stakeholders, including risk management and control groups.
7. Assist in follow-up with auditees on outstanding audit findings through the issuance of Audit Tracking Reports and verification of resolved findings.
8. Ensure compliance with audit operating standards and procedures, and meet the requirements of the Quality Assurance Review.
9. Consider business and regulatory compliance risks and take appropriate mitigation steps.
10. Maintain awareness of industry trends related to regulatory compliance, emerging threats, and technologies to better safeguard the company.
11. Proactively highlight potential risks and share best risk management practices.

• 5-7 years of relevant experience in IT audit, security governance, and/or Technology Risk Management, preferably in banking or financial institutions.
• Knowledge or exposure to AI, cybersecurity controls, infrastructure technology (cloud security, network, virtualization), ethical hacking, application security, API, microservices, and secure coding standards.
• Familiarity with regulatory requirements specific to technology risk management (e.g., MAS, BNM, OJK).
• Excellent report writing, communication, and presentation skills.
• Ability to complete audit work papers and reports with minimal supervision.
• Experience in continuous monitoring of technology areas and engaging with technology control partners.
• Attention to detail to ensure completeness and accuracy of audit coverage.
• Strong analytical skills, time management, independence, and collaboration skills.
• Good interpersonal skills to interact effectively at all levels of staff.
• Bachelor's degree in Computer Science, Engineering, Accounting, or related fields; professional certifications such as CISA, CISM, CEH, CISSP, or CCSP are preferred.
• High integrity, accountability, and a positive attitude towards teamwork.
• Proactive, adaptable, and self-motivated with a willingness to improve processes.
• Willingness and ability to travel overseas when required (estimated 10%).