As Regional IT Auditor, you will add value and improve the bank’s Information Technology and Information Security operations by bringing an efficient and disciplined approach to the effectiveness of risk management, control, and governance processes. You will travel and work closely with internal audit counterparts on a regional scale to conduct audit visits. You will have the opportunity to work with the stakeholders to evaluate internal controls and providing recommendations to strengthen these processes.
The Regional IT Auditor will be responsible for conducting IT audits across the Asia Pacific region. This role focuses on evaluating the effectiveness of governance, risk management, and control processes within information technology environments across SMBC APAC offices.
Responsibilities
- Lead and/or execute Information Technology and Information Security audits independently and efficiently, which includes audit planning, key control evaluation and testing, report drafting, as well as follow-up and closure of issues. Perform these audit activities in accordance with the Bank's internal audit methodology.
- Assess the Bank's Information Technology and Information Security internal control environment to provide comprehensive insights into the current risk posture, identify potential vulnerabilities, and recommend strategic improvements. These recommendations aim to enhance the overall security framework and ensure compliance with regulatory requirements.
- Provide value-adding recommendations to management to address emerging issues or remediate identified weaknesses.
- Apply data analytics to assess the internal control environment.
- Establish and develop good working relationships with management of assigned Information Technology and Information Security functions, for which the candidate has been assigned risk assessment responsibilities.
- Contribute to the annual risk assessment exercise by developing a thorough understanding of the business strategy, plans, products, processes, performance, risks, and issues of the assigned Information Techology and information Security functions.
- Perform continuous monitoring on assigned Information Technology an Information Security functions to keep abreast on evolving markets, regulatory, business and operational changes to drive appropriate ongoing audit coverage.
- Perform continuous monitoring of assigned Information Technology and Information Security functions to stay informed about evolving markets, regulatory changes, business, and operational shifts. This ongoing monitoring helps drive appropriate audit coverage.
- Keep abreast of regulatory changes and industry best practices in Asia Pacific region (e.g. Singapore, Australia, India, Seoul, Taiwan, Vietnam, Thailand, etc).
- Participate in the team’s strategic initiatives and projects as opportunities arise.
Requirements
- Minimum of 6 years of experience in IT audit, preferably in a financial services environment. Experience in the APAC region is highly desirable.
- CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or equivalent preferred.
- Familiar with the regulatory requirements specific to technology risk management in Asia Pacific (e.g. MAS, RBI, APRA, SBV, etc ).
- Familiar with execution of risk-based audit approach.
- Strong understanding of IT audit methodologies, cybersecurity controls, frameworks (e.g., COBIT, ISO 27001, NIST), and ITGC (IT General Controls).
- Proficient in both spoken and written English.
- Good interpersonal and stakeholder management skills.
- Good team player as well as able to work independently.
- Meticulous, disciplined and self-motivated individual with the passion to pursue excellence.
