A top company in the Energy and Chemical Industry is seeking a highly skilled and experienced Senior IT Auditor with a strong background in Cyber Security to join their dynamic team. As a Senior IT Auditor – Cyber Security, you will play a key role in evaluating and enhancing the security of our IT systems and processes.

Key Responsibilities:

• Cyber Security Auditing: Conduct comprehensive audits of our IT systems, processes, and procedures to identify vulnerabilities and assess their effectiveness in safeguarding sensitive data and systems.
• Risk Assessment: Evaluate the organization’s exposure to cybersecurity risks and develop strategies for risk mitigation.
• Technical Expertise: Apply in-depth technical knowledge in assessing and improving the security of IT systems, devices, applications, and methods.
• Security Frameworks: Utilize knowledge of industry-standard security frameworks (e.g., NIST, ISO 27001) to guide security assessments and audits.
• Incident Response: Contribute to the development of incident response plans and assist in managing security incidents when they occur.
• Reporting: Prepare detailed audit reports, including findings, recommendations, and action plans. Communicate findings to senior management.
• Education and Training: Stay current with emerging cyber threats and technologies. Provide training and guidance to IT and security teams to enhance their cyber security awareness.

Requirement

• Bachelors degree in a relevant field.
• Certified Information Systems Security Professional (CISSP) and other relevant certifications.
• 9 years of experience in auditing and information and cyber security.
• 3 years of specific experience in IT Auditing.
• 6 years of specific experience in Cyber Security, with a focus on technical applications and knowledge.
• Strong analytical and problem-solving skills.
• Excellent communication and reporting abilities.
• Up-to-date knowledge of industry standards and best practices in cyber security.

Short Description / Purpose of Job:

Manage and conduct IT audits, with a primary focus on information and cyber security, for a major global chemicals and energy company. The goal is to mitigate information management and cyber security risks that impact the business operations and provide expert insights. Effectively oversee audit budgets and resource allocations for assigned audit tasks as necessary while ensuring timely reporting. Monitor the quality of audits in accordance with the relevant Operating Manual.

Recruitment Description / Key Accountabilities:

• Prepare and review planning memorandums and audit programs. Adjust the audit focus toward high-risk areas and track progress towards strategic objectives.
• Execute audits by identifying risks and weaknesses, ensuring that processes and systems comply with relevant policies, standards, statutory, and regulatory requirements.
• Manage and conduct both planned and ad-hoc audits (self-directed and managed audits), allocating resources in line with budgetary requirements and established timelines to contribute to the completion of the integrated risk-based annual assurance plan (IRBAAP).
• Conduct audits to provide assurance that the internal system controls, established by management to safeguard the company’s assets and liabilities, are effectively designed and operational.
• Ensure the submission of factual and timely reports (self-directed and managed) within the stipulated reporting protocol, and incorporate changes based on stakeholder feedback.
• Thoroughly document all audit working papers, including the evidence supporting audit report findings and results.
• Review audit reports and working papers of managed audits when requested by the Senior Manager or Head of Function.
• Plan, manage, execute, and report on overseas audits when necessary.
• Conduct quality peer reviews and adhere to quality improvement practices.
• Assess the performance of all team members involved in managed audits and take appropriate corrective actions.
• Contribute to the preparation and submission of reports to the Group Executive Committee, Governance Committees, Executive Committees, and company Limited Audit Committee.
• Monitor progress against the annual audit plan, identify significant governance issues, and escalate them to top management as required.
• Engage with relevant stakeholders, participate in relevant stakeholder forums, and provide specialized advice.
• Contribute to the development and implementation of the integrated risk-based annual assurance plan.
• Stay up-to-date with and share knowledge regarding new and emerging developments in the internal audit profession and technological solutions.
• Execute and provide support for non-audit activities as assigned.

Formal Education:

• Bachelor’s Degree

Minimum Experience:

• A minimum of 9 years of relevant experience related to auditing and information and cyber security.

Certifications & Professional Membership:

• Possession of Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and/or Certified Ethical Hacking (CEH) certifications is advantageous.

Competencies:

• Collaboration: The ability to work with others to produce effective outcomes.
• Critical Reasoning: The capability to think critically about issues logically and sensibly, considering all factors.
• Execution Capability: The underlying ability to carry out strategies, projects, or daily work effectively.
• Problem Solving: A systematic approach to defining, researching, and solving problems, involving critical thinking, analysis, and persistence.
• Project Management: The skill of planning, organizing, and managing tasks and resources to achieve specific objectives, often within constraints of time, resources, and cost.
• Relationship Management: The conscious effort to develop and maintain long-term, trust-based relationships with internal and external stakeholders, including customers, distributors, suppliers, and other essential parties.
• Reporting: The ability to extract information from databases, forms, and various sources and create reports in compliance with requirements.
• Self-Mastery: Taking responsibility for personal growth through self-awareness, reflection, seeking feedback, and self-correction.
• Tech Savvy: Proficiency in the Information Technology Industry, including knowledge of trends, emerging technology, best practices, competition, regulations, and legislation.