Cybersecurity Audit manager will assist the Head, IT Audit and Analytics to lead and undertake audit of IT areas such as cybersecurity and information security controls, applications, network infrastructure, data centers and systems using a COBIT risk-based approach.
He/she will adopt an advisory/subject matter expertise role in application security, vulnerability testing and recommend improvements on IT governance, risk management and controls.
Use data analytic tools and processes to assist all countries Finance and Operational Internal audit teams in delivering enhanced value to IHH management.
Key Accountabilities:
Leads and conducts Information Technology (IT) and cybersecurity audits, risk assessment, security and control reviews and Systems Development Life Cycle (SDLC) audits across the entities of IHH Healthcare Group.
Identifies, analyses, and communicates any inadequate controls and deviation from established security policies, plans and procedures, laws and regulations to those responsible for corrective action.
Performs follow-up reviews as necessary to ensure that corrective action has been taken.
Reviews new security products and systems and major enhancements on a timely basis to ensure that risks have been identified and adequate controls are present.
Presents audit findings orally and recommendations. Participates in exit meeting when the audit is completed.
Clearly explains the significance of all audit findings and recommendations and documenting their responses.
Advises management of potential control risk issues and recommends beneficial audit initiatives in line with best practices.
Participates in working committees for IT projects as and when required (e.g. Hospital Information System).
Continuously advise Head IT Audit and Analytics of all major risk, control and regulatory/security issues that impact the IHH IT control environment.
Build trust and credibility with stakeholders in order to objectively engage them and where appropriate, challenge their views and support senior management in achieving their business objectives.
Undertakes additional duties as required by Head IT Audit and Analytics such as assisting in Audit Committee report preparation and supporting ad-hoc projects.
Requirements:
Minimum 5 to 7 years of information security or cybersecurity audit analyst experience, preferably in an international auditing firm, banking or relevant industry.
Degree in Computer Science or Computer Engineering or Information Systems or Cybersecurity equivalent.
Candidates with Certified Information Systems Security Professional (CISSP), Certified Information System Auditor (CISA) certification, Global Information Assurance Certification (GIAC) or equivalent will be of added advantage.
Experience in evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS)
Experience in leading and carrying out audits of cybersecurity areas (cybersecurity maturity assessment, attack detection and prevention, security monitoring, incident response etc), network security (Cisco routers, switches, Checkpoint firewalls, etc.), database (MS SQL, Oracle, etc), operating system (UNIX, Microsoft etc), ERP system (such as SAP), application controls and system development process.
Proficiency in Python, SQL, Microsoft Power BI and data analytics related coding experience will be an added advantage.
Willing to travel overseas for work (about 20% of the time).
