Audit Lead, Cyber Security

Objective:

• Assist the Functional Area Head in the execution of the approved audit plan / other assignments and in coaching team members.
• Develop audit plans to assess the adequacy of cybersecurity controls designed to protect sensitive data and systems from internal and external threat, identify gaps and provide recommendations for improvements.
• Perform cybersecurity audits including audits of security programs, vulnerability assessments, network security, incident response, access management and third party risk management.
• Provide insights into areas of potential vulnerability and recommend corrective action.
• Keep up to date with industry trends, regulatory changes and emerging cybersecurity threats.

Responsibilities:

• Plan, execute and manage the risk-based audit assignments as per the Audit Plan to ensure the audit fulfil the approved audit objectives and audit scope and the standards as prescribed in the Audit Methodology.
• Monitor audit assignment to ensure completion of each audit within the budgeted timeline, manpower resources and cost allocation.
• Review the draft audit findings, root causes and recommendations for each audit assignment to ensure that they are appropriate for discussion with the line management.
• Attend the end-of-audit discussion with the auditees to confirm the draft audit findings, root causes and recommendations.
• Review the draft audit reports to ensure that all significant audit findings with their risk /impact identified and the underlying root causes are reported with appropriate audit recommendations in order to strengthen the existing internal controls.
• Monitor and follow-up with auditees timely on the implementation status of the audit recommendations with regard to audit finding raised, and follow-up on matters arising from deliberation of the audit reports at the MAC meeting.
• Conduct special review, ad-hoc assignment and investigation as directed by superior within the allocated time, resources and cost.
• Review new/ updated policies, procedures and processes to ensure appropriate internal controls are incorporated.
• Perform timely review of the Electronic Working Paper (EWP) of subordinates and ensure proper completion of audit documentation in the Audit Management System (AMS) for every audit assignment.
• Review the Audit Programs and ensure timely updated with the relevant guidelines and changes in processes as well as adequacy of scope and coverage.
• Motivate, coach and provide on-the-job training to subordinates and to enhance the quality of work and deliverables by the staff.
• Attend the Group's project meeting where required and provide recommendations on key controls to be considered upfront by Management.
• Assist the FA Head in the preparation of the Annual Audit Plan including carrying out risk assessment exercise on all the audit universe.
• Perform any other duties as assigned by the superior.

Requirements:

• Bachelor's Degree in Computer Science, Information Security, or a related field. A master's degree is a plus.
• Preferred professional accreditation: CISSP (Certified Information System Security Professional), CISM (Certified Information Security Manager), CISA (Certified Information System Auditor).
• Minimum 7-10 years of experience in cybersecurity audit or a mix of experiences in cybersecurity audit and CISO's office with majority time spent in cybersecurity audit, with at least 3-5 years in a leadership or management role.
• Proven experience in cybersecurity audit role in financial services environment.
• In-depth knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements specific to the banking industry.
• Strong leadership and team management capabilities.
• Advanced knowledge of cybersecurity tools, technologies, and methodologies (e.g. firewalls, intrusion detection/prevention systems, SIEM, encryption)
• Deep understanding of network architecture, encryption, access controls and identity management.
• Strong analytical, problem solving and decision making skills.
• Excellent communication and interpersonal skills, with the ability to convey technical information to non technical stakeholders.