Role Purpose and Context
Lead and carry out complex technology internal audit assignments, investigations, forensics, and advisory activities ensuring the work is carried out with professional care and in accordance with the appropriate standards. These different activities involve leading or conducting projects in the internal audit, compliance audit, investigations, and advisory on technology domain. In addition, the role provides significant input to the preparation of Annual Internal Audit Plan and contributes significantly in the follow-up audit with management.
Qualification:
- Under or post graduate degree in Management Information Systems (MIS), Computer Science, Telecom / Computer Engineering, or equivalent from a reputable educational institute.
- Certification in at least one area, e.g., Certified Information System Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified in Governance of Enterprise IT (CGEIT), IT Infrastructure Library (ITIL), Certified Information Systems Security Professional (CISSP) is preferred.
- Commencement towards post-graduate related field or profession (e.g., IT and/or network auditing, fraud auditing and computer forensics) will be viewed favourably.
Experience:
- 5 years Minimum experience in IT and/or network auditing with telecommunications audit background or in Information Technology, e.g., architecture, planning, development, operations, risk, audit, advisory.
- Preferable to have experience in Computer Assisted Audit Technique (CAAT), e.g., Audit Command Language (ACL) and Audit Management System (AMS).
- International Professional Practices Framework (IPPF) from Institute of Internal Auditors (IIA).
- Knowledge of Control Objectives for Information and Related Technology (COBIT) 5 from Information Systems Audit and Control Association (ISACA).
- Deep knowledge of the ISACA Information System standards, guidelines and code of ethics.
- Knowledge of Enhanced Telecommunication Map (eTOM) Business Process Framework from Telecommunication Management (TM) Forum.
- Advanced knowledge of Information Technology infrastructure for telecommunication companies.
- Project management, quality control review and planning experience.
- Information system security experience.
- Knowledge of management information systems terminology, concepts, and practices.
- Knowledge of IT security best practices (Such as ISO 27001).
- Familiarity with the common indicators of fraud.
- Knowledge of industry best practices policies, procedures, regulations, and laws.
- Considerable knowledge of distributed technology (i.e., Unix/Linux and Windows), Web-based technology, and basic infrastructure control issues.
Skills:
- Analytical and evaluation skills.
- Effective communication and interpersonal skills, including report writing and presentation skills for presenting findings and recommendations for improvement.
- Fluent verbal and written communication in English.
- Team orientation.
- MS Office.
- Possess detailed technical skills in at least one platform (Unix/Linux, Windows, Solaris).
- Ability to operate in a diverse multicultural, multinational work environment, exhibiting appropriate sensitivities.
