Execution and reporting of IT Internal Audit activities.
Planning may include process narratives, flow charts and an audit program.
Execution of IT internal audit program with scope including but not limited to Information Security Management System (ISMS) referring to ISO 27001.
The execution includes, but is not limited to, interviews with relevant personnel, identification of nonconformities, and identification of issues
Perform evaluation of internal controls testing, including test of design and test of effectiveness
Ensure that audit criteria are adequately satisfied, appropriate conclusions reached and issues are documented
Develop the audit result report and communicate the result to the management
Demonstrate ability to use standard Internal Audit techniques for information gathering, risk assessments, fieldwork and issues reporting
Demonstrate understanding of ISO 27001:2013 mandatory and annex controls which the IT security controls will be audited against
Participate in major business initiatives and proactively provide advice and assistance to the business on change initiatives
Participate in organization-wide risk assessment as required by the regulatory body
Perform ad hoc audit projects as assigned by the management whenever necessary
Track action plans with management to ensure that appropriate progress has been made in addressing the issues, findings and nonconformities resulting from audit program execution.
Bachelor's degree or higher in IT, Engineering, or related majors.
3+ years of substantial internal and/or external IT audit experience
Strong DevOps/network skills
Knowledge of IT/cyber/information security frameworks, including but not limited to ISO 27001, NIST CSF, CIS CSC, GDPR, HIPAA and PCI DSS.
Preferably CISA certified
Understanding of audit principles, methods and processes, according to but not limited to ISO 19011:2018
Strong leadership in managing projects and ability to develop and maintain relationships with personnel across departments and levels
Experience interacting effectively with top management
Familiarity with risk-based and business process focused audit approach
Strong written and verbal communication skills
Ability to learn new technology concepts quickly, including the internal and external issues that may arise, interested parties along with their needs and expectations, products and services.
Knowledge of applicable statutory and regulatory requirements and other requirements relevant to the business activities.