Senior Manager, IT Internal Audit

Description

• Drive a strong governance, risk, and control culture through trainings, workshops, and knowledge-sharing. Mentor and guide team members, fostering capability building, high performance, and professional growth.
• Support Financial, Compliance, and Operational audits and advisory engagements in system workflows, application controls, access governance, and data validation, among others.
• Champion adoption of governance, risk, and control best practices across the Group.
• Integrate industry benchmarks, best practices, and emerging risks into actionable recommendations.
• IT General Controls, Application Controls, IT Infrastructure & Security, Cybersecurity, Cloud/Platform Governance.
• Support emerging areas such as ESG data governance and technology-enabled ESG reporting controls.
• Lead in fast-paced, dynamic environments, managing multiple priorities while ensuring quality.
• Provide assurance over major digital initiatives (ERP upgrades, cloud migrations, AI/automation tools), assessing governance, system configuration, workflows, data migration controls, and post-implementation readiness.
• Present findings to management and the Audit Committee, driving timely implementation of agreed actions.
• Auditing digital initiatives and emerging technologies, such as AI, automation, ERP/system implementations, and data migration controls.
• Mentor team, foster high performance, and promote control culture across the organisation.
• Prioritise audits based on enterprise risks, digital transformation, system implementations, emerging technologies (AI/automation), cybersecurity threats, cloud adoption, and third-party dependencies. Keep the plan agile and forward-looking.
• Lead the full audit lifecycle: risk assessment, planning, fieldwork, reporting, and follow-up.
• Evaluate control effectiveness, identify root causes, quantify risk exposure, and deliver practical, value-adding recommendations.
• Stay current with technology trends, cybersecurity threats, regulatory developments, and GRC best practices.
• Facilitate strategic discussions and manage complex or sensitive issues with professionalism.
• Continuously enhance audit methodologies, data-driven approaches, and reporting to maximize impact.
• Develop a robust, risk-based Annual IT Audit Workplan aligned with strategic priorities, operational needs, and emerging technology risks.
• Build trusted relationships with Group IT, Business Units, and Corporate Functions, influencing decisions on IT governance, risk management, and control adoption.
• Lead or support special reviews, Whistleblow investigations, ERM initiatives, and control/process design for new tools.

Requirements

• Knowledge of maritime, data centre, and real estate industries is advantageous.
• Travel: Willingness to travel internationally, approximately 15–20% of the time.
• Skilled at facilitating strategic discussions, managing sensitive or complex issues, influencing stakeholders adoption, and champion risk-informed practices.
• Excellent command of written and spoken English, with strong report-writing and executive-level presentation skills. Ability to read and speak Chinese is advantageous. Skilled in engaging stakeholders, facilitating strategic discussions, and influencing decision-making at senior levels.
• Able to operate independently, and also lead and manage a team.
• Good understanding of COSO, COBIT, ISO 27000, NIST and related standards.
• Data analytics capabilities to generate actionable insights, quantify risks, and support recommendations.
• IT resilience, incident response, disaster recovery, identity & access management, and third-party governance.
• Proficient in Microsoft Office and data analytics tools (e.g., IDEAS, Power BI, advanced excel) on large datasets to generate meaningful and actionable insights on audit engagements.
• Demonstrate agility and strategic thinking across diverse audit themes, business environments, and Group priorities.
• Minimum 12 years of relevant IT audit experience, ideally spanning commercial organisations and professional firms, with proven supervisory and team-lead experience.
• Working knowledge on SAP is necessary.
• Confident, proactive, and able to build trusted relationships
• Other relevant professional qualification(s) such as Certified Information Security Manager (CISM), Certified Internal Auditor (CIA), Certified Information Privacy Manager (CIPM), Certified Security Professional (CCSP) will be an advantage.
• Certification in Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) is required.

Benefits

Training + Development

Interview process

Visa Sponsorship

Security clearance