Senior Audit Manager, Information & Cyber Security

  • Competitive
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Bank Malaysia Berhad
  • 19 Oct 17 2017-10-19

Senior Audit Manager, Information & Cyber Security

  • To act as team manager for assigned audit work and potentially lead the more complex audits such as cross-functional and multi-location high risk audits.
  • To ensure that assigned audit work is executed in an efficient and effective manner, within the given budget and timelines, and in line with GIA methodology standards.
  • To apply expert auditing skills and relevant business, technical and risk management knowledge to the assigned audits.
  • To provide guidance to team leaders and team members to execute the assigned audit work.
  • The individual may support the HOA in their role as the GIA portfolio/country subject matter expert, depending on the skills of the individual. This will include contributing to the GIA risk assessment and development of an appropriate audit plan for the HOA/'s assigned portfolio.
  • To actively manage relationships with senior auditee management and stakeholders.
  • To support GIA audit teams by providing product/country knowledge and expertise for their audits relating to the individual's area of expertise.
  • To provide ongoing continuous monitoring support to HOAs in respect of the business and raise issues and observations outside of formal audit work to expedite rectification of control weaknesses (where appropriate).
  • To attend and present at formal committees and Group meetings on behalf of the line manager, as required.

Key Roles and Responsibilities

  • Support the HOA where required, in the development of the GIA risk assessment and development of an appropriate audit plan for the HOA's assigned portfolio.
  • Support the HOA to ensure that audits assigned to the individual in the GIA audit plan address the key risks identified in the detailed risk assessment and in the audit planning process, and meet relevant regulatory requirements and expectations that are required to be covered by GIA.
Business (Budget)
  • Assist the HOA to effectively manage the cost of assigned audits within the allocated budget for audit engagements.
  • Identify and implement opportunities for cost savings and optimal productivity of assigned audit engagements.
Audit Delivery
  • Participate as team manager for assigned audit work and potentially lead the more complex audits such as cross-functional, multi-location and hubbed business high risk audits.
  • Provide clear guidance, detailed review and supervision of the audit team's work to ensure that audit deliverables meet quality standards and timelines in line with the GIA methodology.
  • Review and recommend approval to the HOA of the audit scope (including the Audit Planning Memo, Process Risk Control Matrix and Terms of Reference) proposed by the team leader.
  • Provide guidance on business/information security/audit technical knowledge and management skills to team leaders and team members to enable them to effectively deliver their assigned contributions for an audit.
  • Review audit work performed by team members during the course of the audit to ensure effective execution and maintenance of quality standards.
  • Ensure GIA methodology is adhered to in all areas of the audit engagement, as well as raising team members' awareness and understanding of the methodology.
  • The audit manager is expected to have sound knowledge of both business/technical areas and expert knowledge in the audit process, including the GIA system, to ensure that audit work is carried out to a high standard that meets all methodology and GIA system requirements.
  • Take the lead in presenting the draft report in the GIA report review process (to the report review group or report approver).
  • Monitor the implementation/delivery of the agreed issues/audit plans for the audits assigned, understanding the key risks arising, provide advice on resolution of issues to auditees/action plan owners and escalate audit findings that remain unresolved.
Risk Assessment
  • Support the HOA to update the relevant assigned Product/Country risk assessments on a regular basis to ensure that changes in risk profiles are identified in a timely manner, proposing changes to the assigned audit plan to the HOA, as appropriate.
  • Ensure early identification and escalation of risks, issues, trends and developments to relevant stakeholders. Be prepared to raise issues/concerns outside the normal audit process.
  • Engage with the respective HOA and business stakeholders on the status of rollout of the Operational Risk Framework and ongoing effectiveness of ORMAF/ORF.
  • Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment to improve audit planning.
  • At the request of the HOA, attend relevant Product/Country meetings (e.g. PGC, BORF, CORC) to keep up-to-date on key business matters and provide the right challenge to ensure risks are appropriately identified, discussed and timely remediation plans are put in place.
  • Review Product/Country related MI and reports regularly to keep up-to-date with key trends within the business.
  • Engage the GIA portfolio champions to update the permanent audit file within 4 weeks of the end of an audit.
Stakeholder Management
  • Establish and maintain effective working relationships with the management of business units which fall under risk assessment responsibility. Such that regular positive feedback is received from stakeholders and auditees in relation to the appropriateness of issues raised and contribution to discussions/forums attended.
People and Talent
G roup-standard responsibilities and accountabilities:
  • Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
  • Ensure the provision of ongoing training and development of people, and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
GIA-specific responsibilities and accountabilities:
  • Demonstrate strong leadership and ability to motivate and guide audit team leaders and members.
  • Influence change within the business.
  • Ensure correct capacity planning for assigned audits to ensure optimal productivity of the team.
  • Provide written performance feedback to team leaders at the end of an audit. Review and agree the feedback provided by the team leader to team members.
  • Facilitate the development of direct reports and audit team members by providing on the job training and recommending formal training to support GIA activities.
  • Support the HOA to proactively spot talent for GIA.
  • Communicate with stakeholders and external parties, and update the assigned Product/Country risk assessments on a regular basis, where appropriate, to ensure that changes in risk profiles are identified in a timely manner. Propose changes to audit plans to the HOA, as appropriate, to ensure the audit plan remains relevant.
  • Conduct/attend regular meetings with assigned business stakeholders.
  • Ensure clear communication of findings/issues/root causes to all relevant stakeholders and monitor/escalate any overdue actions plans to the appropriate business manager and/or governance committee for resolution.
  • Apply a high level of attention to detail to ensure audit reports are accurate, clear and articulate key risks, root causes and impact.
  • Continuously educate the business and stakeholders on the audit process to enable auditees to have a better understanding of the role and operation of GIA, with the aim of further building relationships and improving audit efficiency.
Risk Management
  • GIA acts as the third line of defence under the Risk Management Framework and provides independent assurance of the effectiveness of management's control of business activities (the first line) and of the processes maintained by the Risk Control Functions (the second line). GIA provides risk-based assurance that the system of control is working as required by the Risk Management Framework.
  • GIA staff shall have no direct operational responsibility or authority over any of the activities subject to Internal Audit's review. The Group Head, Internal audit is also responsible for ensuring that no staff in the function carry out any activity which may jeopardise their independence.
  • Ensure compliance with the highest standards of regulatory conduct and compliance practices as defined by internal and external requirements.
Regulatory & Business conduct
  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

Qualifications and Skills

  • An experienced career auditor (internal or external) or a business person with a minimum of 7 years relevant information and cyber security experience in audit, governance, risk or in a business environment;
  • Understanding of business strategy, plans, products, performance and related issues at the business unit level;
  • Strong communicator, both written and verbal;
  • Confident and courageous to raise/escalate issues in a proactive, professional and timely manner;
  • Proactive, self-directed and able to work with minimum supervision;
  • Ability to manage an audit team, including multi-functional and cross-border teams;
  • Professional audit certification preferred;
  • Ability to commit to 20-30% business travel; and
  • Ability to perform the role of Change Leader.

Diversity and Inclusion

Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.