Position: IT Auditor (CISA/CISSP/CISM Qualified)
Location: Shah Alam
To provide independent and objective assurance to the Board and management with the objective that policies, procedures and operations that management put in place for risk management, control and governance are operating effectively and compliance is maintained with prescribed laws and listing requirements, and within the values and vision of Digi.
You are: (personality / competencies etc)
Motivated and passionate in driving performance and delivering quality work to maintain and/or enhance the organisation’s governance, risk and internal control framework.
Positive, energetic and able to engage with Senior Management and key stakeholders in the organisation.
Able to work well in teams, possess analytical and communication skills.
Your Responsibilities: (What is this role all about? What does the applicant have to do?)
Lead and/or participate in reviews based on the annual Audit Plan through understanding business processes, developing work programmes, conducting fieldwork and testing, benchmarking and evaluating processes for improvements, recommending solutions as well as presenting reports to Management.
Perform follow-up reviews and gather evidence where necessary in order to monitor and track the implementation of management’s corrective actions from previous reviews.
Assist and participate in the maintenance and execution of the continuous quality assurance and improvement programme in alignment with the IIA’s International Standards, and keeping abreast of industry best practices and relevant standards.
Assist in the planning and development of the annual risk-based Audit Plan.
Execute ad hoc requests and / or advisory services as required.
Your Merits: (these are must haves in terms of qualifications & experience & specific technical /professionals skills that you want from the applicant)
A Bachelor’s degree in Information Technology (IT) or its equivalent.
Possess relevant professional audit related certifications (e.g. CISA, CISSP & CISM.).
Experienced in risk-based audit with at least 5 years of IT experience and knowledge in internal audit functions or similar role. Preferably with work exposure in Telecommunications industry.
Knowledge of effective audit / review procedures, techniques and tools as well as effective internal control frameworks, including understanding of the International Professional Practices Framework (IPPF) and related standards.
Knowledge of IT risks, general controls, application controls, network security and cyber security, and experienced in performing data analysis using software tools (e.g. ACL, CaseWare IDEA) would be added advantage.
Experienced in auditing various operating systems, database software and application systems, and preferably with knowledge in telecommunications infrastructure.