Job Brief:
We are seeking an IT/IS & Operations Internal Auditor to support the Director of Internal Audit in delivering internal audit services across the Group. The successful candidate will possess a good knowledge of operations, IT/IS controls and relevant frameworks, including COBIT 2019 Framework, COSO Internal Control Framework, IIA Global Internal Audit Standards and other relevant frameworks. Prior Real Estate Development business experience would be a bonus
Responsibilities:
Conduct IT and Operational Audits: Perform risk-based audits covering IT systems, cybersecurity, operational processes, and compliance with policies, regulations, and industry standards. Assess Internal Controls and Risk Management: Evaluate the effectiveness of risk management frameworks, internal controls, and governance processes across IT and operational functions. Cybersecurity & IT Audits: Execute cybersecurity incident response reviews, IT governance assessments, and audits on IT general controls (ITGCs), system access, and data security. Audit Planning & Execution: Conduct the full audit cycle, including planning/ audit programs, fieldwork, reporting, and follow-ups, ensuring alignment with audit methodologies and regulatory requirements. Data Analysis & Documentation: Collect, analyze, and interpret operational and IT-related data, process flowcharts, system documentation, and prior audit findings to identify trends and anomalies. Reporting & Recommendations: Prepare clear, concise audit reports with actionable recommendations to mitigate risks, improve operational efficiency, and enhance IT security. Follow-Up & Continuous Improvement: Monitor management’s corrective actions and perform follow-up audits to assess the effectiveness of remediation efforts. Stay Updated on Industry Best Practices: Continuously develop knowledge of emerging technologies, regulatory changes, cybersecurity threats, and evolving audit techniques.
Qualifications & Skills:
• Education: Bachelor’s degree in information systems, Computer Science, or a related field. • Certifications (Highly Preferred): CISA, CRISC, CISSP, CISM, CPA, CIA, or equivalent. • Experience: Minimum 4–7 years of experience in IT audit, operational audit, risk management, or cybersecurity. • Technical Knowledge: o Strong understanding of IT general controls (ITGCs), application controls, cybersecurity frameworks (e.g., NIST, ISO 27001), and cloud security. o Familiarity with enterprise systems (e.g., SAP, Oracle, Microsoft Dynamics) and emerging technologies (e.g., AI). o Experience in IT governance, data analytics, and IT risk assessments.
. Operations & Business Acumen: o Strong grasp of operational risks, internal controls, and business process reviews across different functions (e.g., finance, supply chain, HR). o Understanding of ERP systems and business continuity planning (BCP). o Experience aligning IT risks with business strategy.
. Analytical & Critical Thinking Skills: o Ability to assess complex systems and provide practical risk-based recommendations. o Strong data analysis and visualization skills (e.g., using Power BI, ACL).
. Soft Skills: o Effective communication skills to engage with both technical and non-technical stakeholders. o Ability to write clear, concise, and insightful audit reports. o Strong ethical judgment and professional skepticism.