Senior Audit Manager, Information & Cyber Security  …

LMA Recruitment
in Kuala Lumpur, Kuala Lumpur, Malaysia
Permanent, Full time
Last application, 12 Mar 20
LMA Recruitment
in Kuala Lumpur, Kuala Lumpur, Malaysia
Permanent, Full time
Last application, 12 Mar 20
Standard Chartered Bank Malaysia Berhad in Kuala Lumpur, Kuala Lumpur, Malaysia Permanent, Full time Senior Audit Manager, Information & Cyber Security About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East. To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.

~~The Role Responsibilities

To act as team manager for Information & Cyber Security (ICS) assigned audit work and lead the more complex audits such as cross-functional and multi-location high risk audits . Also, maintain stakeholder relationships with the purpose of understanding the respective businesses, identify emerging cyber risks and advise on Audit top risk & concerns.


• Support the Head of Audit (HOA), in the development of the GIA risk assessment and development of an appropriate audit plan for the Information & Cyber Security (ICS) portfolio.
• Support the HOA to ensure that audits assigned to the individual in the GIA audit plan address the key risks identified in the detailed risk assessment and in the audit planning process, and meet relevant regulatory requirements and expectations that are required to be covered by GIA.
• Ensure that the assigned audit plan remains relevant throughout the year as the ICS risk profile of the business changes, and propose changes as appropriate.
• Ensure that GIA operates in line with the Audit Charter, remains independent from management and free from interference.
Business (Budget)

• Assist the HOA to effectively manage the cost of assigned audits within the allocated budget for audit engagements.
• Identify and implement opportunities for cost savings and optimal productivity of assigned audit engagements.

• Support development of the Information and Cyber Security audit plan through risk assessment and top-down approach based on the inherent risks and knowledge of the risk profiles.
• Oversee the implementation and execution of the agreed audit plan and facilitate collaboration with the country audit and other functional audit teams to achieve a holistic approach to the assessment of risks and development of audit plan / strategy.
• Ensure audit activity in the Information and Cyber Security audit portfolio is sufficient to meet the requirements of regulators and Audit Committee if applicable.
• Embed a strong understanding and discipline of implementation of GIA methodology in the team.
People and Talent

• Apply Cyber Security experience and skill to share knowledge within GIA.
• Lead through example and employ the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
• Demonstrate strong leadership and ability to motivate and guide audit team leaders and members.
• Influence change within the business.
• Ensure correct capacity planning for assigned audits to ensure optimal productivity of the team.
• Provide written performance feedback to team leaders at the end of an audit. Review and agree the feedback provided by the team leader to team members.
• Facilitate the development of direct reports and audit team members by providing on the job training and recommending formal training to support GIA activities.
• Support the HOA to proactively spot talent for GIA.
• Assist the HOA to manage the relevant ICS stakeholders, establish good working relationships to help the businesses improve the control environment, and keep updated with changes in the business impacting their risk profile.
Risk Management

• Assist in identifying, assessing, monitoring, controlling and mitigating technology risks to the Group.
• Also, maintain awareness and understanding of the main risks facing the Group and the role the individual plays in managing them.
• Adopt an anticipatory approach to risk assessment through stakeholder communication and monitoring of the external environment to improve audit planning.

• Responsible for assessing the effectiveness of the Group's arrangements to deliver effective governance, oversight and controls in the business and, if necessary, oversee changes in these areas.
• Awareness and understanding of the regulatory framework in which the Group operates, and the regulatory requirements and expectations relevant to the role.
• Responsible for delivering 'effective governance'; capability to challenge fellow executives effectively; and willingness to work with any local regulators in an open and cooperative manner.
Regulatory & Business conduct

• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Support the Information and Cyber Security audit portfolio to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Prevention; The Right Environment.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders

• Designated business stakeholders, typically related to individual audit assignments and the Information & Cyber Security portfolio.
• GIA stakeholders - team leaders, team members and team managers, Product, Functional, Country and Regional Heads of Audit.
• Regulators.
• External Auditors / Professional Services Companies.
Other Responsibilities

• Embed Here for good and Group's brand and values in Group Internal Audit.
• Perform other responsibilities assigned under Group, Country, Business or Functional policies and procedures.

Our Ideal Candidate

• Significant experience within the banking and financial services industry, focusing on the information and cyber security domain.
• Experienced career internal (or external) auditor, or experienced information and cyber security professional with deep subject matter expertise/knowledge.
• Industry wide knowledge of enterprise security architecture and information/cyber security concepts for global banking and financial institutions.
• Up to date with key regulation / developments in Information and Cyber Security Management Framework (including Technology Risk Management).
• Knowledge of Banking controls and processes.
• Ability to perform the role of 'Change Leader'.
• Strong communicator, both written and verbal, with an ability to influence and an ability to gain the respect of senior management, regional stakeholders, peers and their teams.
• Confident and courageous to raise/escalate issues in a pro-active, professional and timely manner.
• Demonstrate understanding of and commitment to the Group's core values.
• University degree and professional certification (such as CISA, CISSP, or CISM) preferred.
• Fluency in English.
• Ability to commit up to 10% business travel.
• Self-directed and able to work with minimum supervision.

Reporting Relationships

Reports Directly to: Head of Audit, Information and Cyber Security
Direct Reports: Audit Managers (where applicable)
Matrix/Dual reports: Not Applicable
Indirect Reports: Where performing Team Manag er role on an audit assignment, will have supervisory responsibility for all auditors.

LMA Recruitment Singapore Pte Ltd (EA Licence No. 11C4684)
(EA Reg no: R1216327)