Specialist, Technology Audit
Description:
Business Function:
Audit helps the Board and Executive Management meet the strategic and operational objectives of the DBS Group. We conduct independent checks to ensure that the Group’s risk and control processes are adequate and effective. All our team members are highly sought-after professionals who work as trusted advisors to our clients, in all matters related to a company’s internal controls.
Job Purpose:
The conversion of digital channels is bringing new opportunities for organisation and at the same time introduces new risks & thus reshaping organizational security and risk management focus. New technologies like biometric authentications, mobile and cloud computing require organisations to reassess their preparedness for cyber attacks & data privacy. Our new digital banking initiative focuses on creating innovative products and services to integrate banking into our customers’ digital lifestyle and at the same time provide seamless, secured & joyful banking experience.
Within DBS, IT Audit is setting the standard to audit the future of banking. Our function IT audit team covers at a broad level Digital Banking systems, IT Infrastructure and Cyber Security. The incumbent would be responsible for execution of the IT audit projects.
Key Accountabilities:
Digital Banking audits
You will be a team player in auditing DBS digital banking landscape. Your primary responsibilities will be auditing both Run-The-Bank (digital banking systems & operations) and Change-The-Bank (digital banking projects) activities in Bank’s Digital Business & Processes.
IT Infrastructure audits
Infrastructure systems and processes form the backbone of our bank. As an infrastructure auditor, you will assess key IT processes such as system/network security management and IT Operations.
Cyber Security audits
As the Cyber security expert, you will be assessing and monitoring the adequacy of DBS cyber defence structure and operation.
Note: Where appropriate, you will also participate in any of above audits.
Job Duties & Responsibilities:
Execute the assigned audit engagements efficiently and effectively and communicate audit findings and recommendations.
Undertake audit projects to provide reliable and independent assurance.
Identify & assess potential risks in accordance with current regulatory requirements & evolving technology landscape in digital banking initiatives.
Advise and apprise promptly the Head of Internal Audit and/or VP of the team of all major risk, control and regulatory issues arising during the audit.
Establish and build relationships with stakeholders.
Define and develop Continuous Auditing scenarios for digital banking areas.
Contribute in knowledge sharing within the team.
Keep abreast of own professional development to enhance one’s skills and competence in Technology.
Requirements:
Banking
Financial Institutional
Technology
Consulting
Required experience:
3 to 7 years in Information Systems Auditing, Information Security or Technology Risk Management domain (preference will be given for experience in Banking & Financial services industry in above domains)
Technical Knowledge:
Digital Banking delivery channel adoption
Internet web hosting, mobile, Wi-Fi
Multi-channel distribution / convergence
Mobile application development & testing
Cyber Security
Source code review
Malwares, attacks & defences
Network Security Architecture
Systems Security operations & surveillance
Vulnerability Assessment / Penetration Testing (Application Security Testing)
Technology- Infrastructure security & processes
Network devices security (e.g. firewalls, intrusion detection system, virtual private network, wireless, switches & routers)
System & database platforms (e.g. Wintel, Unix, Mainframe, Oracle, MS SQL, DB2)
IT processes & related standards (as below)
Data Centre Operations
Change Management
Security events & incidents monitoring
System Configuration baseline controls
End-points security, data loss prevention
Authentication & Access Management
Risk assessment frameworks such as PCI-DSS (payment card industry-data security standards, ISO-27001 Information Security Management System & COBIT)
Emerging Technologies
Cloud Computing
Biometric technology
Mobile devices platforms (android, i-OS)
Non-Technical skills (soft skills)
Good communication skills – spoken and written
Team Player – Ability to work with cross-functional teams.
Business Analyst Skills
Banking product domain knowledge acquisition
Treasury and Markets, Securities, Finance, Risk Management and Islamic Banking
Institutional Banking and Global Transactions Services
Consumer Banking and Wealth Management
User requirements understanding
Application release functionalities validation
Security / controls design assessment
Regulatory compliance relating to Technology
Data Analytics
Risk assessment particularly in regard to assessing the probability and impact of an internal control weakness.
Application Development Knowledge
Agile project management
Mobile application development
Education / Preferred Qualifications:
Degree (in Information Technology or equivalent)
Postgraduate
Professional Certification:
Minimum any one of the below mentioned professional qualifications:
CISA
CISSP
SANS
CEH
ISO27001
Core Competencies:
IT Audit, IT Security
Technical Competencies:
Working knowledge of ITGC Processes e.g. User Access Management, Change Management, Backup and Recovery, End User Security will be preferred.
Work Relationship:
IT, Information Security Services, CISO Team, Operations.
DBS India - Culture & Behaviors:
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.