Internal Audit department of SMBC is responsible for examining the overall internal control system including the effectiveness and efficiency of operationsand compliance with applicable laws and regulations.

Internal Audit Department, Asia Pacific Division (IAD AP) conducts internal audits of the operations of all SMBC units and departments (including Information Technology and Information Security audits). The IADAP team based in Singapore is primarily responsible for the audits of SMBC units and activities in Asia Pacific region. However the team may be called upon to help support the other regions.

Considering expansion of audit universe in view of the expansion of APAC, it is critical to maintain at least the current headcount to conduct the audit plan in timely and precise manner.

As Regional IT Auditor, you will add value and improve the bank's Information Technology and Information Security operations by bringing an efficient and disciplined approach to the effectiveness of risk management, control, and governance processes. You will travel and work closely with internal audit counterparts on a regional scale to conduct audit visits. You will have the opportunity to work with the stakeholders to evaluate internal controls and providing recommendations to strengthen these processes.

The Regional IT Auditor will be responsible for conducting IT audits across the Asia Pacific region. This role focuses on evaluating the effectiveness of governance, risk management, and control processes within information technology environments across SMBC APAC offices.

Responsibilities

• Lead and/or execute Information Technology and Information Security audits independently and efficiently, which includes audit planning, key control evaluation and testing, report drafting, as well as follow-up and closure of issues. Perform these audit activities in accordance with the Bank's internal audit methodology.
• Assess the Bank's Information Technology and Information Security internal control environment to provide comprehensive insights into the current risk posture, identify potential vulnerabilities, and recommend strategic improvements. These recommendations aim to enhance the overall security framework and ensure compliance with regulatory requirements.
• Provide value-adding recommendations to management to address emerging issues or remediate identified weaknesses.
• Apply data analytics to assess the internal control environment.
• Establish and develop good working relationships with management of assigned Information Technology and Information Security functions, for which the candidate has been assigned risk assessment responsibilities.
• Contribute to the annual risk assessment exercise by developing a thorough understanding of the business strategy, plans, products, processes, performance, risks, and issues of the assigned Information Techology and information Security functions.
• Perform continuous monitoring on assigned Information Technology an Information Security functions to keep abreast on evolving markets, regulatory, business and operational changes to drive appropriate ongoing audit coverage.
• Perform continuous monitoring of assigned Information Technology and Information Security functions to stay informed about evolving markets, regulatory changes, business, and operational shifts. This ongoing monitoring helps drive appropriate audit coverage.
• Keep abreast of regulatory changes and industry best practices in Asia Pacific region (e.g. Singapore, Australia, India, Seoul, Taiwan, Vietnam, Thailand, etc).
• Participate in the team's strategic initiatives and projects as opportunities arise.

Requirements

• Minimum of 6 years of experience in IT auditing, preferably in a financial services environment. Experience in the APAC region is highly desirable.
• CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or equivalent preferred.
• Familiar with the regulatory requirements specific to technology risk management in Asia Pacific (e.g. MAS, RBI, APRA, SBV, etc ).
• Familiar with execution of risk-based audit approach.
• Strong understanding of IT audit methodologies, cybersecurity controls, frameworks (e.g., COBIT, ISO 27001, NIST), and ITGC (IT General Controls).
• Proficient in both spoken and written English.
• Good interpersonal and stakeholder management skills.
• Good team player as well as able to work independently.
• Meticulous, disciplined and self-motivated individual with the passion to pursue excellence.