JOB SUMMARY

The main purpose of this position is to support DLM IT and Infrastructure Audit in performing risk management, internal controls, and governance of Information Technology systems and business applications. The incumbent is responsible to support senior management to develop, manage and execute audit plan using risk-based approach, including any risks and controls identified by management.

JOB RESPONSIBILITIES

1. Participate in the development of annual internal audit plan for Chief Internal Auditor and Audit Committee’s review and approval.
 
2. Provide support in developing internal audit and assurance assignments related to Information Technology systems and infrastructure.
3. Facilitate the GM IT Audit and Technical Operations in implementing IT audit framework, standard templates and checklists in context of approved audit plan across the entire organization.
 
4. Provide the business and IT management with guidance on IT risk management matters, particularly on applications and infrastructure security.
5. Provide support in developing and maintaining IT Risk Assessment at company level, while identifying areas where business units should consider additional investment.
6. Manage audits team in conducting IT audits covering system applications and IT processes.
Prepare the audit results for senior executives and Audit Committee. 
7. Manage IT security audits (networks, operating system, and data center), including evaluation of security vulnerabilities.
Coordinate the scope and performance of these reviews with business units and external security experts.
8. Assist GM IT Audit and Technical Operations in preparation of presentations for the Audit Committee to discuss internal audit reports and projections.
 
9. Conduct review of IT management policies and procedures such as change management, business continuity planning / disaster recovery and information security for the senior management to ensure that controls surrounding these processes are adequate.
10. Develop a detailed understanding of the activity under audit, including IT risks and controls and develop IT audit work programs accordingly.
11. Assess IT risks and internal control weaknesses and advise IT and business auditees the best practices with respect to their processes.
12. The individual shall ensure compliance to the Enterprise Risk Management Framework enforced in the Company while performing job responsibilities in accordance with his assigned role.
13. The individual shall ensure compliance to the Business Principles and Ethics Policy / Code of Conduct.
14. Undertake any other assignment as instructed by senior management.
15. Identify risks in internal audit observations  and communicate to concerned levels of management for risk management.