Assistant Director (Cybersecurity and IT Infrastructure), IT Audit

In this role, you will lead a team of auditors as the Line 3 audit coverage for Cybersecurity and IT Infrastructure team to oversee technology infrastructure systems and processes supporting public healthcare institutions and shared services. You will also serve as the technical domain lead to drive the coverage of audit universe for cyber infrastructure, resilience, AI, new technologies, and advisories. As the IT anchor for selected healthcare entities and clusters, you will manage IT audit requirements and update the assigned Audit Board Committees and manage the audit coverage for operational processes in some of these legal entities. Below are some examples:

• Cybersecurity technology and Road Map
• Infrastructure and IT operations including cloud technology
• DevSec Operations
• AI security and governance
• Using Data Analytics to identify improvements in in cyber and technology to support business processes.
• Participate in System Development Life Cycle (SDLC) review to provide advice on security and control features during the development stage including pre-implementation and post-implementation controls.
• To review the system availability and resilience for operations in the different lines of businesses.

JOB RESPONSIBILITIES

• Practical knowledge of ITIL, MiTRE Attack, CIS, DevSecOps, datacentre operations , Cloud, AI governance.
• Good understanding of the audit methodology and the cyber security defence and infrastructure measures put in place.
• Strong understanding and risk and controls, ability to articulate issues, and provide board & management reporting.
• Strong understanding of complex business and IT processes, and their related risks.
• Staff and audit project management experience is preferred.
• Proven experience in delivering internal audit and advisory engagements.
• Able to evaluate IT internal controls and identify opportunities for controls improvement.
• Able to identify other areas of business initiatives and changes in the business environment and assess their enablers from cybersecurity and technology.
• Resourceful and possess good interpersonal and communication skills as well as good leadership qualities.
• Able to work independently and as an effective team player.

JOB REQUIREMENTS

Education Requirement(s):

• Degree in Computing or Accountancy
• CIA/CISA/CRISC/CISM/CISSP/PMP/Agile certifications are added advantage.

Key Qualities:

• To present and communicate with the Audit Committee and Senior Management of the MOHH group of entities on the IT audit findings.
• Monitor and deliver audit coverage for audit universe in public healthcare for cyber, infrastructure, infrastructure resilience, and new technology.
• To present and articulate the IT, Operations and cyber security observations to senior management.
• Ensures staff compliance with Audit Procedures when reviewing/approving audit plans, working papers, audit reports and other ad hoc assignments submitted by staff.
• Managing resources and projects to meet the internal audit plan established and delivery of quality outputs.
• Drive IT audits, advisory and investigation work on the stakeholders.
• Prepare and present insightful findings to Management and Audit Committee, and perform any other duties as assigned.
• Deliver high quality and efficient audit and advisory services.
• Coach and develop people by sharing knowledge with team members and helping team members attain experiences that cultivate technical competencies.
• Manage IT auditors’ performance, oversee IT training and development and ensure appropriate resources of IT capabilities.
• Establishing and maintaining key business relationships with internal firm leadership and the firm's external auditors resulting in maximum effectiveness.
• Plan, perform and lead audits of complex system and/or operations or perform components of such audits.
• Explore and Implement new technologies for audit leveraging AI, Cloud and automation.

Years of Experience Required:

• At least 12 years of IT external or internal audit working experience to audit the infrastructure and cybersecurity with big 4 Accounting firms or large conglomerates.
• Years of IT security implementation experience either from in-house capability; a Service Integrator (SI) environment or from a consulting firm are also welcome.