Audit Lead, Cyber Security

Objective

Assist the Functional Area Head in the execution of the approved audit plan / other assignments and in coaching team members.

Develop audit plans to assess the adequacy of cybersecurity controls designed to protect sensitive data and systems from internal and external threat, identify gaps and provide recommendations for improvements.

Perform cybersecurity audits including audits of security programs, vulnerability assessments, network security, incident response, access management and third party risk management.

Provide insights into areas of potential vulnerability and recommend corrective action.

Keep up to date with industry trends, regulatory changes and emerging cybersecurity threats.

Responsibilities

Plan, execute and manage the risk-based audit assignments as per the Audit Plan to ensure the audit fulfil the approved audit objectives and audit scope and the standards as prescribed in the Audit Methodology.

Monitor audit assignment to ensure completion of each audit within the budgeted timeline, manpower resources and cost allocation.

Review the draft audit findings, root causes and recommendations for each audit assignment to ensure that they are appropriate for discussion with the line management.

Attend the end-of-audit discussion with the auditees to confirm the draft audit findings, root causes and recommendations.

Review the draft audit reports to ensure that all significant audit findings with their risk / impact identified and the underlying root causes are reported with appropriate audit recommendations in order to strengthen the existing internal controls.

Monitor and follow-up with auditees timely on the implementation status of the audit recommendations with regard to audit finding raised, and follow-up on matters arising from deliberation of the audit reports at the MAC meeting.

Conduct special review, ad-hoc assignment and investigation as directed by superior within the allocated time, resources and cost.

Review new / updated policies, procedures and processes to ensure appropriate internal controls are incorporated.

Perform timely review of the Electronic Working Paper (EWP) of subordinates and ensure proper completion of audit documentation in the Audit Management System (AMS) for every audit assignment.

Review the Audit Programs and ensure timely updated with the relevant guidelines and changes in processes as well as adequacy of scope and coverage.

Motivate, coach and provide on-the-job training to subordinates and to enhance the quality of work and deliverables by the staff.

Attend the Group’s project meeting where required and provide recommendations on key controls to be considered upfront by Management.

Assist the FA Head in the preparation of the Annual Audit Plan including carrying out risk assessment exercise on all the audit universe.

Perform any other duties as assigned by the superior.

Requirements

Bachelor’s Degree in Computer Science, Information Security, or a related field. A master’s degree is a plus.

Preferred professional accreditation : CISSP (Certified Information System Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information System Auditor).

Minimum 7-10 years of experience in cybersecurity audit or a mix of experiences in cybersecurity audit and CISO’s office with majority time spent in cybersecurity audit, with at least 3-5 years in a leadership or management role.

Proven experience in cybersecurity audit role in financial services environment.

In-depth knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements specific to the banking industry.

Strong leadership and team management capabilities.

Advanced knowledge of cybersecurity tools, technologies, and methodologies (e.g. firewalls, intrusion detection / prevention systems, SIEM, encryption)

Deep understanding of network architecture, encryption, access controls and identity management.

Strong analytical, problem solving and decision making skills.

Excellent communication and interpersonal skills, with the ability to convey technical information to non technical stakeholders.

#J-18808-Ljbffr