Audit Manager, Information and Cybersecurity

  • Competitive
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Bank Malaysia Berhad
  • 17 Dec 2017

Job Purpose:

  • To act as team member for assigned audit work and potentially lead the more complex audits such as cross-functional and multi-location high risk audits.
  • To ensure that assigned audit work is executed in an efficient and effective manner, within the given budget and timelines, and in line with GIA methodology standards.
  • To apply expert auditing skills and relevant business, technical and risk management knowledge to the assigned audits.
  • To provide guidance to team leaders and team members to execute the assigned audit work.
  • The individual may support the Head of Audit (HOA) in their role as the GIA portfolio/country subject matter expert, depending on the skills of the individual.
  • To actively manage relationships with senior auditee management and stakeholders.
  • To support GIA audit teams by providing product/country knowledge and expertise for their audits relating to the individual's area of expertise.
  • To provide ongoing continuous monitoring support to HOAs.

Key Roles and Responsibilities

  • Support the HOA where required, in the development of the GIA risk assessment and development of an appropriate audit plan for the HOA's assigned portfolio.
  • Support the HOA to ensure that audits assigned to the individual in the GIA audit plan address the key risks identified in the detailed risk assessment and in the audit planning process, and meet relevant regulatory requirements and expectations that are required to be covered by GIA.
  • Ensure that the assigned audit plan remains relevant throughout the year as the risk profile of the business changes. Propose changes as appropriate.
  • Ensure that GIA operates in line with the Audit Charter, remains independent from management and free from interference.
Business (Budget)
  • Assist the HOA to effectively manage the cost of assigned audits within the allocated budget for audit engagements.
  • Identify and implement opportunities for cost savings and optimal productivity of assigned audit engagements.
Audit Delivery
  • Participate as team member for assigned audit work and potentially lead the more complex audits such as cross-functional, multi-location and hubbed business high risk audits.
  • Ensure that audit deliverables meet quality standards and timelines in line with the GIA methodology.
  • Participate in creating the Audit Planning Memo, Process Risk Control Matrix and Terms of Reference.
  • Provide input on business/information security/audit technical knowledge and management skills to team leaders and team members to enable them to effectively deliver their assigned contributions for an audit.
  • Review audit work performed during the course of the audit to ensure effective execution and maintenance of quality standards.
  • Ensure GIA methodology is adhered to in all areas of the audit engagement, as well as raising team members' awareness and understanding of the methodology.
  • Have sound knowledge of both business/technical areas and expert knowledge in the audit process, including the GIA system, to ensure that audit work is carried out to a high standard that meets all methodology and GIA system requirements.
  • Help draft the report in the GIA report review process.
  • Monitor the implementation/delivery of the agreed issues/audit plans for the audits assigned, understanding the key risks arising, provide advice on resolution of issues to auditees/action plan owners and escalate audit findings that remain unresolved.
Risk Assessment
  • Support the HOA to update the relevant assigned Product/Country risk assessments on a regular basis to ensure that changes in risk profiles are identified in a timely manner, proposing changes to the assigned audit plan to the HOA, as appropriate.
  • Ensure early identification and escalation of risks, issues, trends and developments to relevant stakeholders. Be prepared to raise issues/concerns outside the normal audit process.
  • Engage with the respective HOA and business stakeholders on the status of rollout of the Operational Risk Framework and ongoing effectiveness of ORMAF/ORF.
  • Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment to improve audit planning.
  • At the request of the HOA, attend relevant Product/Country meetings (e.g. PGC, BORF, CORC) to keep up-to-date on key business matters and provide the right challenge to ensure risks are appropriately identified, discussed and timely remediation plans are put in place.
  • Review Product/Country related MI and reports regularly to keep up-to-date with key trends within the business.
  • Engage the GIA portfolio champions to update the permanent audit file within 4 weeks of the end of an audit.
Stakeholder Management
  • Establish and maintain effective working relationships with the management of business units which fall under risk assessment responsibility, such that regular positive feedback is received from stakeholders and auditees in relation to the appropriateness of issues raised and contribution to discussions/forums attended.
People and Talent
Group-standard responsibilities and accountabilities:
  • Lead through example and build the appropriate culture and values. Set appropriate tone and expectations.
  • Ensure that training requirements are fulfilled.
GIA-specific responsibilities and accountabilities:
  • Influence change within the business.
  • Provide written performance feedback to team leaders at the end of an audit. Review and agree the feedback provided by the team leader to team members.
  • Support the HOA to proactively spot talent for GIA.
  • Communicate with stakeholders and external parties, and update the assigned Product/Country risk assessments on a regular basis, where appropriate, to ensure that changes in risk profiles are identified in a timely manner. Propose changes to audit plans to the HOA, as appropriate, to ensure the audit plan remains relevant.
  • Lead by example on how to communicate audit-related matters and resolve any conflict between auditors and auditees during the course of an audit. Use networks and relationships to build engagement and achieve results.
  • Assist the HOA/ to manage the relevant Product/Country stakeholders, as appropriate, and establish good working relationships to help the businesses improve the control environment and keep updated with changes in the business impacting their risk profile.
  • Conduct/attend regular meetings with assigned business stakeholders.
  • Provide stakeholders (approved by the HOA/line manager) with a single point of contact for the assigned portfolio. Provide regular value-added reports and updates, as appropriate, on risk trends, emerging risks and GIA's opinion on the state of the control environment.
  • Ensure clear communication of findings/issues/root causes to all relevant stakeholders and monitor/escalate any overdue action plans to the appropriate business manager and/or governance committee for resolution.
  • Apply a high level of attention to detail to ensure audit reports are accurate, clear and articulate key risks, root causes and impact.
  • Support the team leader by attending and managing debriefs with auditee management at the end of an audit.
  • Ensure timely escalation of delays in conforming to methodology standards, both to auditee management and GIA management.
  • Develop an external network through participation in external and professional forums.
  • Provide input to GIA audit teams for the assigned portfolio and audits on the scope, risks, findings and audit reports for audits managed.
  • Continuously educate the business and stakeholders on the audit process to enable auditees to have a better understanding of the role and operation of GIA, with the aim of further building relationships and improving audit efficiency.
Risk Management
  • GIA acts as the third line of defence under the Risk Management Framework and provides independent assurance of the effectiveness of management's control of business activities (the first line) and of the processes maintained by the Risk Control Functions (the second line). GIA provides risk-based assurance that the system of control is working as required by the Risk Management Framework.
  • GIA staff shall have no direct operational responsibility or authority over any of the activities subject to Internal Audit's review. The Group Head, Internal Audit is also responsible for ensuring that no staff in the function carry out any activity which may jeopardise their independence.
  • Ensure compliance with the highest standards of regulatory conduct and compliance practices as defined by internal and external requirements.
  • Adopt the Group's values and code of conduct in GIA to ensure adherence with the highest standards of ethics and compliance with relevant policies, processes and regulations.
Regulatory & Business conduct
  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
  • Designated business stakeholders, typically related to individual audit assignments and the assigned portfolio
  • GIA stakeholders - team leaders, team members and fellow team managers, Product, Functional, Country and Regional Heads of Audit.
Other Responsibilities
  • Embed "Here for good" and Group's brand and values in GIA.
  • Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.

Qualifications and Skills

  • An experienced career auditor (internal or external) or a business person with a minimum of 7 years' relevant information and cybersecurity experience in audit, governance, risk or in a business environment.
  • Understanding of business strategy, plans, products, performance and related issues.
  • Strong communicator, both written and verbal, with ability to influence.
  • Confident and courageous to raise/escalate issues in a proactive, professional and timely manner.
  • Proactive, self-directed and able to work with minimum supervision.
  • Demonstrate understanding of and commitment to the Group's core values.
  • Professional audit certification preferred.

Diversity and Inclusion

Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.