• Possess at least a good Bachelor's degree, preferably in IT or MIS or equivalent; and
• Engage in professional development activities, including completion of a professional certificationprogram CISA/CIA/ISMS Lead Auditor professional certification will be an advantage.

Experience:

• At least (3) three years of working experience in managing IT internal audit assignment. Relatedexperience in large Audit/Consultation Firm or financial services is a plus.
• Sound knowledge of IT related matters and accounting principles.

Technical Qualifications

Auditing Standards

• Demonstrate competency in performing audit functions and have the required skills and knowledgenecessary to perform an audit.

Project Management

• Demonstrate ability to initiate, plan, executing and control a project/audit assignment. Also, demonstratethe ability to supervise audits and review the work performed by the auditors to ensure adequacy of auditscope and testing performed, and the accuracy of the conclusions reached and completion of theassignment within the stipulated time frame.
• Demonstrate ability in problem escalations which includes identifying, controlling and resolving theproblems in a timely manner and communicating the results for further actions.

Report Writing

• Demonstrate competency in providing audit report in an appropriate form to intended recipients uponcompletion of audit works.

Additional requirements

• Good organizational/analytical skills.
• Self-motivated and independent.
• Punctual and reliable, with good time management skills.
• Excellent communication/writing skills; Bahasa Malaysia & English.
• Experience in ISMS, COBIT, PCI DSS or any other audit framework is an added advantage.
• Familiar with ACL.

Responsibilities

Summary of responsibilities

• The departmental objectives are to plan, develop and deliver independent and objective assurance services to the Group Audit and Risk Committee (GARC) and senior management of the institution's on governance, internal controls and risk management processes mainly through the disciplined planning, implementing and reporting of internal audits conducted on the various audit entities.

The incumbent will require to:

• Assist the Head of IT Audit in managing and supervising IT audit jobs throughout the planning, field workand reporting phases within specified deadlines;
• Lead team and be involved in audits in accordance with the annual audit plan adopted by the Group Audit and Risk Committee. Audit findings reported are to be derived from proper testing of relevant and substantial evidence;
• Maintain audit programmes; and
• Participate / assist in the other audit assignments where assigned by the Head of IT Audit.

Key Areas of Responsibilities

• To provide independent and objective assurance and consulting services in accordance with the AuditCharter and based on "The Standards for the Professional Practice Framework" as prescribed by the Institute of Internal Auditors, BNM Guidelines and any other relevant standards.
• To lead and participate in IT audits within PayNet, which include:

To appraise the adequacy of the action taken by auditee and operating management to correct reported deficient conditions;

To review and recommend improvement of internal controls and policies and procedures designedto safeguard organization resources, promote organizational growth, and ensure compliance with applicable laws and regulations; and

To develop and maintain the audit programs.

o Actively facilitate and enable the achievement PayNet's goals and business plans througheffective communications and enagement with stakeholders
To assist Head of IT Audit to:

• Prepare reports on the results of Internal audit assignments for the Director of Internal Audit
• Follow-up on all audit recommendations that have been agreed upon by the management and report accordingly
• Perform ad-hoc review or any other assignments as directed.
• To develop and enhance the competency, skills and knowledge of fellow auditors by providing appropriate training and coaching.
• To participate as an observer in critical activities process such as key management, data patching, tenderopening, BRCP/DR testing, disposal of assets and report to immediate superior on the activities.
• To provide performance feedback to subordinates and peers (as applicable).
• To be aware of and uphold the security responsibilities as stated in the company's Information SecurityPolicy.
• To ensure all the information asset processing and day-to-day activities are based on the company'sGuidelines on Information Handling and Security Classification.
  

Job QnA

Find Answers, Ask Question and Get Answers from Employer about this job post

Senior Principal Engineer, Security Management