Senior Manager, Group Internal Audit

About FWD Group

FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves more than 38 million customers across 10 markets, including BRI Life in Indonesia. FWD's customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.

For more information, please visit

FWD Technology and Innovation Malaysia Sdn. Bhd., known as FWD TIM, was established in late 2019. Strategically located in Kuala Lumpur, FWD TIM serves as a pivotal shared service location within FWD Group, providing services to multiple markets across the Group. FWD TIM houses a diverse and talented workforce focused on essential business and technology services such as information security, cloud operations, IT solutions delivery, digital and data, actuarial, finance, investments, and customer service, among many others. FWD TIM is dedicated to drive and deliver operational excellence and efficiency, foster innovation and ensure regulatory compliance across all business functions as well as maintain a competitive edge in the market.

PURPOSE

• Support the Group Head of IT Audit in planning, executing, and delivering IT audits across all Business Units.

• Assist the Group Head of IT Audit in providing independent assurance to the Board, Executive Committee, and Audit Committee on the effectiveness of IT risk management, internal controls, and governance processes across FWD.

KEY ACCOUNTABILITIES

• Lead and execute end‑to‑end IT audits, covering planning, fieldwork, reporting, and issue follow‑up, in accordance with the approved audit methodology.

• Prepare clear, concise, and high‑quality audit reports that articulate key risks, root causes, and agreed management actions.

• Contribute to the development and ongoing enhancement of the annual IT audit plan and Group IT audit methodology.

• Design, develop, and implement audit tools and methodologies to improve the efficiency, consistency, and effectiveness of IT audit activities.

• Act as a subject matter expert, providing technical guidance and support to country IT auditors and audit teams as required.

• Monitor and independently validate the timely and effective implementation of management‑agreed actions relating to IT audit issues.

KEY PERFORMANCE INDICATORS

• IT audits are planned and executed in full compliance with the approved Group Audit Methodology.

• IT audits are completed within agreed timelines and in accordance with the approved annual audit plan.

• Audit observations and reports are of high quality, clearly articulated, and include practical, effective, and actionable recommendations.

• Proactive engagement with IT management is demonstrated through regular interactions, timely analysis of management information, and effective input into the development of the annual IT audit plan.

• Audit issue validation is performed on a timely basis, in line with agreed management actions and committed timelines.

EXTERNAL & INTERNAL CONTACTS

• Group and Country Chief Technology Officers (CTOs).

• Group and Country IT management and key stakeholders relevant to audit assignments.

• Group Internal Audit management and audit teams.

• External consultants and subject matter experts engaged for IT‑related audit or advisory engagements.

DECISION MAKING

• Determination of IT audit scope, audit approach, and audit timelines.

• Assessment and proposal of audit issue risk ratings and overall audit conclusions for reporting.

QUALIFICATIONS / EXPERIENCE

• Bachelor's degree from a recognized university in Information Technology, Computer Science, Data Analytics, Accounting, or related disciplines.

• Minimum of 5 years of relevant IT audit experience, preferably within an internal audit function.

• Experience within the insurance and/or banking industry, with exposure to regulated environments.

• Professional certifications in information systems and/or accounting, such as CISA, CISM, or equivalent.

• Practical experience in applying data analytics techniques to support audit planning and execution.

• Hands‑on experience in reviewing or assessing ISO/IEC 27001 certification or information security management systems.

KNOWLEDGE & TECHNICAL SKILLS

• Strong knowledge of IT application development and supporting technologies, including artificial intelligence, cybersecurity, network security, and cloud security controls.

• Sound understanding of internal audit methodologies, IT risk assessment approaches, and risk management frameworks.

• Strong written communication skills, with the ability to produce clear, concise, and well‑structured audit reports in English.

COMPETENCIES

• Strong attention to detail, with well‑developed analytical and problem‑solving skills.

• Effective interpersonal and communication skills (both verbal and written), with the ability to engage, influence, and constructively challenge senior stakeholders while building strong working relationships across locations and functions.

• Demonstrated ability to lead and deliver IT audit engagements across multiple locations, working independently with minimal supervision while also contributing effectively as a team member.

• Strong technical aptitude, with a proactive and self‑motivated approach to continuously developing knowledge of emerging technologies and evolving IT risk areas.

• Sound professional judgement and resilience when dealing with complex, sensitive, or contentious audit matters.