Head of Technology Audit

Get to know our Team:

• Internal Audit is an independent function (3rd line of Defence) within GXS Bank that provides an objective assurance and advisory role to senior management.

• We use a systematic, disciplined risk-based approach to evaluate and assess risks, processes and internal controls, while aligning them to the Bank’s overall digital strategy. 

• Internal Audit covers multiple businesses and technology functions within the Bank. 

Get to know the Role:

• You report directly to the Head of Internal Audit at GXS Bank.

• As the Head of Technology Audit, you are primarily responsible for managing all audits and risk advisory activities pertaining to IT/Technology (Applications & Infrastructure), Cyber Security, Data Governance & Engineering and Technology Products at GXS.

• We seek a candidate who brings excellent audit and risk advisory experience to lead the Technology Audit team, in a fast-paced and dynamic environment.

• You shall develop the scope of work in accordance with established policies, procedures, laws and regulations, which entails the examination and evaluation of all functions and activities that are assigned to you.

• You effectively plan, manage and perform the full audit cycle starting from annual audit planning, scoping and developing work programmes to evaluate the risks associated with governance, operational, regulatory, and business continuity. 

• Keep abreast of MAS regulations on IT-related notices, guidelines and cyber hygiene relating to financial institutions.

• You are familiar with current technology tools and well versed in leveraging and deploying AI on corporate governance, risk management and internal audit.  Able to translate and automate audit test steps by using data to enhance audit focus on control design assessment/ testings. 

The day-to-day activities:

• Support the Head of Internal Audit as part of the Core Internal Audit Management Team.

• Lead the Technology Audit team and provide guidance and coaching to the team.

• Lead discussions and present audit findings to key stakeholders/ senior management.

• Review/ prepare audit reports. 

• Lead/ participate in ad-hoc projects or special independent investigations. 

• Escalate material / significant audit findings to the Board Audit Committee or senior management on a timely basis (if required). 

• Build and maintain healthy relationships with senior levels of management, stakeholders, and be a trusted risk advisor on control-related matters.

• Develop and evolve the AI/ data analytics capabilities, so as to improve the effectiveness of Internal Audit. 

The must haves:

• Bachelor's degree in Computer Science/ Information System (or equivalent) or higher from a globally recognized university.  

• Related certifications (i.e. CISA, CISSP, CIA, AWS Certification or similar) are preferred.

• Minimum 15 years of audit experience in IT/ Technology, Information Management, Digital Channel and Cyber & Security Risk Management.  

• Strong knowledge of MAS Technology Risk Management (TRM) Guidelines 

• Highly competent and possesses a good understanding of IT-related and technology products in the digital banking space. 

• Familiar with modern and emerging technology techniques and possess an interest to stay abreast of industry developments (e.g. DevOps, Cloud, APIs, service-oriented architectures etc).

• SME’s knowledge regarding technology application process/ control disciplines, banking control processes, digital channels and products. 

• Possess strong leadership skills, analytical, and confident in dealing with regulators, senior stakeholders particularly the Management Committee and Board Audit Committee. 

• Take accountability and possess the courage to challenge risk-decisions made by senior stakeholders, so as to uphold the value of integrity and objectivity, and be able to discharge responsibility independently. 

• Well-developed verbal and written communication, as well as interpersonal skills.

• Ability to lead and manage a team of internal auditors, locally and regionally (if required).