Technology Audit Manager

Get to know our Team:

• Internal Audit is an independent function (3rd line of Defence) within GXS Bank that provides an objective assurance and advisory role to senior management.
• We use a systematic, disciplined risk-based approach to evaluate and assess risks, processes and internal controls, while aligning them to the Bank’s overall digital strategy. 
• Internal Audit covers multiple businesses and technology functions within the Bank. 

Get to know the Role:

• You report to the Head of Technology Audit at GXS Bank, which is part of the IT/ Technology audit team. 
• As an Technology Audit Manager, you are primarily responsible for executing all audits and risk advisory activities pertaining to IT/Technology (Applications & Infrastructure), Cyber Security, Data Governance & Engineering and Technology Products at GXS.
• We seek a candidate who brings excellent audit and risk advisory experience to support the Technology Audit team, in a fast-paced and dynamic environment.
• You effectively plan, manage and execute audits, including the design of audit test steps to evaluate the risks associated with (but not limited to) governance, business management, financial, operational, regulatory, and business continuity.
• You maintain well documented audit work papers including supporting documents/ evidence in the GRC system, which are subject to regular internal quality assurance review. 
• You are able to execute and complete audit projects by adhering to audit methodology, key phases and assigned timelines.
• You are able to keep abreast of MAS regulations on IT-related guidelines and cyber hygiene relating to FIs and banks.
• You are familiar with current technology tools (e.g. Power BI & Tableau) and well versed in data analytic initiatives (rule-based/ ML) and business priorities (with associated emerging/ inherent/ residual risks), so as to translate them into automated audit test steps using data to enhance audit focus on control design assessment and targeted sampling.

The day-to-day activities:

• Support the Head of Technology Audit as part of the Audit team.
• Plan and perform risk-based assessments, focusing on all risks arising from the Technology, Cyber Security, Data Governance & Engineering and Products. 
• Execute audit reviews and fieldworks, including work paper documentation, drafting of audit findings and leading the issue discussion internally and with stakeholders.
• Assist to draft audit reports and participate in the presentation of audit findings.
• Ensure effective and timely execution of audit projects in accordance with audit methodology and timelines. 
• May be required to participate/ support in ad-hoc projects, special thematic review or special independent investigation. 
• Build and maintain healthy relationships with different levels of management, stakeholders, and be a trusted risk advisor on control related matters.
• Actively participate in driving data analytics capabilities including the maintenance of audit workflow system (i.e. GRC), so as to improve the effectiveness of Internal Audit. 

The must haves:

• Bachelor's degree in Computer Science/ Information System (or equivalent) or higher from a globally recognized university
• Related certifications (i.e. CISA, CISSP, CIA, AWS Certification or similar) are preferred
• Minimum 8 years of audit experience in IT/ Technology, Information Management, Digital Channel and Cyber & Security Risk Management

• Strong knowledge of MAS Technology Risk Management (TRM) Guidelines 
• Highly competent with IT audit methodologies and concepts; including the agile audit methodology
• Good understanding of IT-related and technology products in the digital banking space. 
• Familiar with modern and emerging technology techniques and possess an interest to stay abreast of industry developments (e.g. DevOps, Cloud, APIs, service-oriented architectures etc).
• SME’s knowledge regarding technology application process/ control disciplines, consumer banking control processes, digital channels and products. 
• An excellent team player 
• Confidence in dealing with senior stakeholders particularly the Management Committee and Board Audit Committee is a plus
• Able to work independently and possess the courage to challenge risk-decisions made by senior stakeholders, from a 3rd line of defence perspective
• Well-developed communication and interpersonal skills
• Good analytical, presentation and report writing skills

• Located in Singapore, and ability to travel for work when required is a plus