Vice President (IT Audit)

• Plan, execute, and report on audit assignments for both ongoing and completed projects, ensuring alignment with bank policies, regulations, and international standards (including MAS and ISO frameworks).
• Assess project management processes for compliance with governance requirements, identifying risks in execution, cost, scope, and schedule.
• Review project documentation for completeness, accuracy, and regulatory adherence, including risk assessments at various project phases.
• Collaborate with project managers and stakeholders to advise on IT risk management and control design throughout project lifecycles, recommending process improvements and closing identified gaps.
• Monitor implementation of audit recommendations to ensure corrective actions are effective and timely.
• Integrated and Application Controls Audit
• Evaluate effectiveness of application controls in banking platforms, focusing on completeness, accuracy, validity, authorisation, segregation of duties, and reliability of financial data processing.
• Review both manual and automated controls, including system documentation, input, processing, output, data transmission, and master file controls.
• Test application controls relevant to core banking systems, payments, regulatory reporting, digital channels, and financial products.
• Analyse change management across applications, infrastructure, and databases, assessing the impact of releases and upgrades.
• System Development Lifecycle (SDLC) & DevSecOps/Agile Audits
• Assess design and operational effectiveness of controls across SDLC phases, including requirements gathering, development, testing, deployment, and maintenance.
• Audit agile and DevSecOps practices to ensure continuous integration of security, compliance, and control requirements.
• Evaluate security controls embedded in DevSecOps pipelines, such as automated code scanning, penetration testing, secure architecture reviews, and compliance validation.
• Verify cloud and hybrid environment controls, ensuring alignment with MAS TRM and global regulatory standards.
• Conduct risk assessments for new and existing systems, focusing on data integrity, cybersecurity, fraud prevention, and compliance.
• Advise on remediation of identified control weaknesses in collaboration with management, technical teams, and external auditors.
• Provide recommendations for improving the bank’s IT control environment and its application across new industry technologies (e.g., cloud, AI/ML, blockchain).
• Stakeholder Engagement & Reporting
• Engage proactively with IT, risk, compliance, and business teams to facilitate alignment of audit findings with business objectives.
• Prepare and present thorough audit reports and risk assessments to senior management and audit committees.
• Participate in continuous improvement initiatives for the audit function and deliver training on best practices in project and application auditing.
• Stay abreast of emerging technologies, regulatory requirements, and industry best practices.
• Contribute to the enhancement of audit methodologies, tools, and frameworks.

• Education & Experience
• Bachelor’s degree in information technology, Computer Science, or equivalent.
• 8–12 years of hands‑on IT audit experience, preferably in a regulated banking or financial services setting.
• In-depth knowledge of SDLC methodologies (Agile, Waterfall, Hybrid), application controls (including financial reporting systems), SDLC, Agile, and DevSecOps practices.
• Hands‑on experience with DevSecOps tools and frameworks.
• Proficient in project management and risk assessment techniques.
• Strong expertise in cybersecurity, cloud risk assessments, data analytics, application controls, IT general controls, and compliance with MAS TRM guidelines.
• Excellent understanding of regulatory requirements and international standards (COBIT, NIST, ISO/IEC 27001, MAS TRM).
• Superior analytical, communication, and stakeholder management skills.
• Experience with data analytics platforms, enterprise security tools, and cloud environments is highly desirable.
• Additional Relevant Duties from Industry Best Practices
• Participate or observe in key testing events (e.g., BCP/DR) or critical system implementations.
• Support ad‑hoc investigations and management requests in relation to IT risk incidents, regulatory inquiries, or forensic analysis.
• Lead audit programme development and documentation of findings in support of continuous maturity upgrades.
• Drive adoption and standardisation of best practices in IT risk management and audit across the region.
• Banking Knowledge
• Familiarity with corporate and commercial banking products, processes, and regulatory requirements.
• Certifications (Preferred)
• CISA, CISSP, PMP, or equivalent professional certifications.
• Core Competencies
• Excellent analytical, communication, and report‑writing skills.
• Ability to work independently and collaboratively in a multi‑disciplinary team.
• Strong stakeholder management and influencing skills.

Executive

Full‑time

Information Technology