Senior Manager, IT Audit

FIND YOUR BETTER AT AIA
If you believe in better, we'd love to hear from you.
WE ARE LOOKING FOR .....This role will lead the functional team to provide management and the Board with an objective, independent assessment of the internal control systems of Enterprise Applications and Data Risk through planning and execution of IT audit assignments. The individual will be a SME of business processing systems and data risk and ensure value added, accurate and relevant assessment to management by providing appropriate business-oriented recommendations and insights. He/she will be responsible for the audits assigned in the audit plan, reporting to management and relevant stakeholders, and supervising and developing the team and GIA.
Roles and Responsibilities:

• Identify key technology and data risks at the group-wide and local level for each entity considering the relevant strategies and business environment.
• Support the development of the annual audit plan considering the key risks identified. Direct the preparation of the annual audit plan and schedules for Group Office and BUs (business units).
• Plan, lead and execute audits and evaluate the adequacy of Business Process and Data related risks according to established schedule and quality.
• Partner closely with locations audit manager and CTOs to assess and maintain the IT audit universe and provide training, tools and support to non-SME's. Provide SME support to the broader GIA team on Business Systems and Data Risk reviews.
• Keep up-to date with emerging risks and risk good practice for areas of expertise and continuously mature GIA's capabilities and provide insights to key stakeholders.
• Plan and allocate resources to effectively accomplish the work to meet productivity and quality goals as well as adjust the IT audit plans based on the changing IT controls, risk posture, and/or business priority
• Build strong audit relationship with key IT Management of Group office and BUs via regular interaction to be informed of emerging risk issues and other key changes
• Identify and evaluate controls related to key business processes.
• Review audit reports and lead discussion of issues and remedial action plans with the appropriate levels of management.
• Facilitate issuance of audit reports to management.
• Lead the team to follow-up outstanding audit issues and monitor timely completion of agreed remedial actions by management.
• Direct the development of the SME team through coaching, training, and providing timely feedback to staff. Motivate and inspire the team by providing them with the information and tools they need to perform their duties.
• Evaluate the team has adequate human resources, technical expertise, and proficiency to cover the annual audit plan
• Oversee the work of the team members and ensure that the working papers, draft audit reports and other deliverables meet internal standards and assignments are completed within budgeted time.
• Facilitate training, mentor, and evaluate staff, and take corrective actions to address performance issues.
• Advocate and influence the highest standards of ethics, discipline, and professionalism within the organisation.
• Perform other responsibilities and duties periodically assigned by the Regional Director and/or Group Head of Internal Audit to meet operational and/or other requirements.

Job Requirements:

• University graduate in IT, Computer Science, or Business Degree.
• Minimum 10 years of IT audit or other relevant experience (e.g. IT risk/ security management or information systems implementation experience).
• Certificate holder of Certified Information Systems Auditor (CISA) / Certified Information Systems Security Professional (CISSP) / Certified Information Security Manager (CISM).
• SME of Business Process analysis and Data Risk/ Governance.
• Solid people management and staff development experience.
• Proven experience in infrastructure security, information security, cybersecurity, application security controls, system development process and/or business continuity management.
• Proven experience in dealing with regulators on IT controls related matters.
• Exposure in life insurance business or financial services industry is required.
• Knowledge with audit tools and other software such as TeamMate, ACL (data analytic tools) and MS Office.
• Good command of both oral and written English and Bahasa Malaysia.
• Strong leadership, project management and people development skills.
• Ability to work under pressure and meet milestones within time, cost and quality constraints
• Excellent analytical, written/verbal communication, presentation, interpersonal, and relationship building skills.
• Solid problem-solving skills, ability to coach the team to analyse complex data, identify core issues, investigate, evaluate and discuss the issues effectively with management to reach appropriate conclusions.
• Ability to adapt changes quickly and able to lead multiple projects effectively.