Job Description
The successful candidate will join SIA’s Internal Audit (IA) Division to provide independent and objective assurance to SIA Management and Audit Committee on the Group's IT governance, technology risk management (including cybersecurity) and control processes.
The Principal Auditor will take a leading role in identifying, assessing and measuring technology-related risks.
Key responsibilities
Provide independent and objective assurance to SIA Management and Audit Committee on the Group's IT governance, technology risk management and control processes.
Develop and maintain an IT Infrastructure (including cybersecurity) and processes audit universe for audit planning.
Collaborate closely with the IT Division (ITD) to identify key infrastructure, IT process risks, and cybersecurity defences for inclusion in the IT audit universe.
Execute the IT audit projects according to the approved annual audit plan on a timely basis, ensuring completion of the annual audit plan within the approved resources and budget. This includes conducting the opening and closing meetings with relevant stakeholders and tracking the recommendations until closure.
Maintain high quality work papers and documentation for knowledge development and retention.
Provide quarterly updates on IT audit issues for Audit Committee reporting and assist the internal audit leadership to prepare quality audit committee papers.
Provide IT advisory service to SIA Group to add value and improve the business processes.
Serve as the go-to subject matter expert for IT infrastructure and process controls, providing advisory services sought by SIA business units.
Enhance IT audit digital techniques and tools (including analytics, automation, Gen AI) to increase efficiency and effectiveness of IT Audit services.
Provide technical training and mentorship to develop auditors’ IT audit capabilities and professional practices.
Requirements
Possess a university degree in information technology, information security, computer science, computer engineering or related fields
Professional IT certification in at least one area such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certificate of Cloud Auditing Knowledge (CCSK) is a must
Preferably minimum 8 years of IT working experience with at least 4 years in IT audit
Strong knowledge of IT governance, security and risk management, including security architecture review, IT process analysis, enterprise risk management, IT application controls as well as leveraging data analytics
Good understanding of ISO, NIST, ITIL and cybersecurity frameworks
Good understanding of multi-cloud environments and enterprise IT architectural design, operating systems (such as Windows and Unix), databases, network protocols, and cybersecurity solutions
Proficient in programming/scripting such as PowerShell and Python
Possess excellent project management and audit engagement capabilities
Keen interest in learning about emerging technologies, system vulnerabilities and technology trends, and actively pursuing knowledge to maintain relevance in the rapidly evolving technological landscape
Possess good written and communication skills, problem-solving and decision-making skills with an eye for detail