Job Summary

The IT Internal Audit Senior Manager plays a key leadership role in driving the Group’s technology audit, assurance, and advisory agenda.  As an independent assurance and strategic advisor, you will partner with Group IT, Business Units, and Corporate Functions to strengthen governance, risk management, cybersecurity resilience, and IT control maturity across the organisation.

This role requires a seasoned IT audit professional with deep expertise in IT General Controls, Application & Security Controls, IT Infrastructure & Network, Cybersecurity, Cloud/Platform Governance, and emerging technologies including AI and automation. Experience in operational, financial, and compliance audits in multi-business environments is highly advantageous.

Key Responsibilities

Develop and Drive the Annual IT Audit Workplan  

• Develop a robust, risk-based Annual IT Audit Workplan aligned with strategic priorities, operational needs, and emerging technology risks.
• Prioritise audits based on enterprise risks, digital transformation, system implementations, emerging technologies (AI/automation), cybersecurity threats, cloud adoption, and third-party dependencies. Keep the plan agile and forward-looking.
• Provide assurance over major digital initiatives (ERP upgrades, cloud migrations, AI/automation tools), assessing governance, system configuration, workflows, data migration controls, and post-implementation readiness.

Lead Stakeholder Engagement & Strategic Risk Advisory 

• Build trusted relationships with Group IT, Business Units, and Corporate Functions, influencing decisions on IT governance, risk management, and control adoption.
• Facilitate strategic discussions and manage complex or sensitive issues with professionalism.
• Integrate industry benchmarks, best practices, and emerging risks into actionable recommendations.
• Champion adoption of governance, risk, and control best practices across the Group.

Lead End-to-End IT Audit Engagements

• Lead the full audit lifecycle: risk assessment, planning, fieldwork, reporting, and follow-up.
• Evaluate control effectiveness, identify root causes, quantify risk exposure, and deliver practical, value-adding recommendations.
• Present findings to management and the Audit Committee, driving timely implementation of agreed actions.

Integrated Audits, Advisory, and Business Partnering

• Support Financial, Compliance, and Operational audits and advisory engagements in system workflows, application controls, access governance, and data validation, among others.
• Lead or support special reviews, Whistleblow investigations, ERM initiatives, and control/process design for new tools.
• Support emerging areas such as ESG data governance and technology-enabled ESG reporting controls.
• Demonstrate agility and strategic thinking across diverse audit themes, business environments, and Group priorities.

Promote Control Culture and Professional Leadership

• Drive a strong governance, risk, and control culture through trainings, workshops, and knowledge-sharing.  Mentor and guide team members, fostering capability building, high performance, and professional growth.
• Continuously enhance audit methodologies, data-driven approaches, and reporting to maximize impact.
• Stay current with technology trends, cybersecurity threats, regulatory developments, and GRC best practices.

Key Requirements

Experience

• Minimum 12 years of relevant IT audit experience, ideally spanning commercial organisations and professional firms, with proven supervisory and team-lead experience.
• Knowledge of maritime, data centre, and real estate industries is advantageous. 
• Able to operate independently, and also lead and manage a team.

Key Certification

• Certification in Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) is required.
• Other relevant professional qualification(s) such as Certified Information Security Manager (CISM), Certified Internal Auditor (CIA), Certified Information Privacy Manager (CIPM), Certified Security Professional (CCSP) will be an advantage.
• Good understanding of COSO, COBIT, ISO 27000, NIST and related standards.

Technical Expertise

• IT General Controls, Application Controls, IT Infrastructure & Security, Cybersecurity, Cloud/Platform Governance.
• Auditing digital initiatives and emerging technologies, such as AI, automation, ERP/system implementations, and data migration controls.
• IT resilience, incident response, disaster recovery, identity & access management, and third-party governance.
• Data analytics capabilities to generate actionable insights, quantify risks, and support recommendations.

Leadership & Stakeholder Engagement

• Confident, proactive, and able to build trusted relationships
• Skilled at facilitating strategic discussions, managing sensitive or complex issues, influencing stakeholders adoption, and champion risk-informed practices.
• Mentor team, foster high performance, and promote control culture across the organisation.

Resilience & Agility

• Lead in fast-paced, dynamic environments, managing multiple priorities while ensuring quality.

Communication and Interpersonal Skills

• Excellent command of written and spoken English, with strong report-writing and executive-level presentation skills. Ability to read and speak Chinese is advantageous. Skilled in engaging stakeholders, facilitating strategic discussions, and influencing decision-making at senior levels.

• Travel: Willingness to travel internationally, approximately 15–20% of the time.
• Working knowledge on SAP is necessary.
• Proficient in Microsoft Office and data analytics tools (e.g., IDEAS, Power BI, advanced excel) on large datasets to generate meaningful and actionable insights on audit engagements.

Education