Job Summary
Short Description / Purpose of Job:
Manage and conduct IT audits, with a primary focus on information and cyber security, for a major global chemicals and energy company. The goal is to mitigate information management and cyber security risks that impact the business operations and provide expert insights. Effectively oversee audit budgets and resource allocations for assigned audit tasks as necessary while ensuring timely reporting. Monitor the quality of audits in accordance with the relevant Operating Manual.
Recruitment Description / Key Accountabilities:
- Prepare and review planning memorandums and audit programs. Adjust the audit focus toward high-risk areas and track progress towards strategic objectives.
- Execute audits by identifying risks and weaknesses, ensuring that processes and systems comply with relevant policies, standards, statutory, and regulatory requirements.
- Manage and conduct both planned and ad-hoc audits (self-directed and managed audits), allocating resources in line with budgetary requirements and established timelines to contribute to the completion of the integrated risk-based annual assurance plan (IRBAAP).
- Conduct audits to provide assurance that the internal system controls, established by management to safeguard the company's assets and liabilities, are effectively designed and operational.
- Ensure the submission of factual and timely reports (self-directed and managed) within the stipulated reporting protocol, and incorporate changes based on stakeholder feedback.
- Thoroughly document all audit working papers, including the evidence supporting audit report findings and results.
- Review audit reports and working papers of managed audits when requested by the Senior Manager or Head of Function.
- Plan, manage, execute, and report on overseas audits when necessary.
- Conduct quality peer reviews and adhere to quality improvement practices.
- Assess the performance of all team members involved in managed audits and take appropriate corrective actions.
- Contribute to the preparation and submission of reports to the Group Executive Committee, Governance Committees, Executive Committees, and company Limited Audit Committee.
- Monitor progress against the annual audit plan, identify significant governance issues, and escalate them to top management as required.
- Engage with relevant stakeholders, participate in relevant stakeholder forums, and provide specialized advice.
- Contribute to the development and implementation of the integrated risk-based annual assurance plan.
- Stay up-to-date with and share knowledge regarding new and emerging developments in the internal audit profession and technological solutions.
- Execute and provide support for non-audit activities as assigned.
Formal Education:
Minimum Experience:
- A minimum of 9 years of relevant experience related to auditing and information and cyber security.
Certifications & Professional Membership:
- Possession of Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Ethical Hacking (CEH) certifications is advantageous.
Competencies:
- Collaboration: The ability to work with others to produce effective outcomes.
- Critical Reasoning: The capability to think critically about issues logically and sensibly, considering all factors.
- Execution Capability: The underlying ability to carry out strategies, projects, or daily work effectively.
- Problem Solving: A systematic approach to defining, researching, and solving problems, involving critical thinking, analysis, and persistence.
- Project Management: The skill of planning, organizing, and managing tasks and resources to achieve specific objectives, often within constraints of time, resources, and cost.
- Relationship Management: The conscious effort to develop and maintain long-term, trust-based relationships with internal and external stakeholders, including customers, distributors, suppliers, and other essential parties.
- Reporting: The ability to extract information from databases, forms, and various sources and create reports in compliance with requirements.
- Self-Mastery: Taking responsibility for personal growth through self-awareness, reflection, seeking feedback, and self-correction.
- Tech Savvy: Proficiency in the Information Technology Industry, including knowledge of trends, emerging technology, best practices, competition, regulations, and legislation.