it aud it SupervisorING Business Shared Services B.V.

ROLE PROFILE As an IT Auditor at CAS IBSS Manila, you will be a part of the global Wholesale Banking IT team, of which 6 are in Amsterdam and 3 in Asia. You will conduct and coordinate IT Audits. This means that you will evaluate the design and ass ROLE PROFILE As an IT Auditor at CAS IBSS Manila, you will be a part of the global Wholesale Banking IT team, of which 6 are in Amsterdam and 3 in Asia. You will conduct and coordinate IT Audits. This means that you will evaluate the design and assess the operating effectiveness of IT controls, including reviews of IT architecture, IT system development, IT operations and IT security management. The team is ambitious to be best-in-class and develops and uses advanced audit techniques, such as penetration testing and IT vulnerability scanning. IT audits are often performed in close cooperation with business auditors and relate to the latest IT developments. You will report your audit findings correctly and systematically in audit reports, including suggestions for improvement and concrete recommendations that you will present to ING Bank management. As an IT Auditor based in IBSS Manila, you will work with an international team as part of the IT Audit Division. This division forms a part of CAS (Corporate Audit Services), which is a highly professional organisation with approximately 20 audit teams across the globe. CAS comprises a diverse international team of around 300 members. Together with your other international IT audit colleagues, you will provide audit coverage on a variety of IT related audits. Key Responsibilities (A) Assignment planning Sets the overall audit objective, scope and approach. Responsible for the business process analysis, assessment of inherent risk, evaluation of control design and initial assessment of residual risk. Ensures an appropriate audit work program is prepared in accordance with Standard Audit Guidance concept. Prepares the Audit Planning Memo and Terms of Reference and obtains approval from regional and global levels. (B) Audit execution As an IT Auditor, you will have an in-depth knowledge of technical IT environments. You use your strong analytical skills to identify the areas of focus within our IT audit strategy and individual IT audits. You are naturally proactive, critical and curious, and you search for missing information on your own initiative. You have strong verbal and written communicative skills and interpersonal capabilities. Therefore, you know how to ask the right questions and get the right information, even when you have to overcome resistance. You are accurate, creative in your solutions and you describe yourself as a team player who is capable of working in international teams, as well as independently when the task at hand requires this. Also, you are keen on self-development. Specifically, you will: Depending on the role in the audit, you will support or lead the execution of the audit, ensuring there is independent and objective evaluation of the design and operational effectiveness of key controls and assesses the residual risk. Monitor progress and review the activities carried out by the team according to the established audit programs / risk control matrices. Perform testing in complex and specialised IT audits where technical experience is required. Carry out audit activities embracing utilisation of Computer Assisted Audit Techniques as appropriate. Ensure that stakeholders (CAS and Business) are kept regularly informed of the progress of the audit and any potential issues arising. (C) Audit reporting You will discuss audit conclusions and reports with the managers of the business unit being audited. Depending on the role in the audit, you will support or lead the close-out discussions with audit client and management. Depending on the role in the audit, you will support or take ownership and responsibility for the final audit report to management. (D) Audit closure You will ensure that the audit work performed by the audit team is documented in the Audit application in accordance with the guidelines in the CAS manual. Follow-up the closure of earlier reported audit findings and documents the results. Performs job evaluations and provides input to the Audit Head regarding the quantitative and qualitative strength of the audit team. Where applicable provides feedback on the Standard Audit Guidance to the owner. (E) Risk monitoring and Communication You will develop and maintain excellent relationships with IT Management and Information Risk Management. Contribute to the CAS Risk Monitoring Framework in capacity as IT Co-Ordinator. You will ensure that stakeholders are actively kept up to date (no surprises) and negotiate, influence and communicate with audit clients to better understand underlying risks. Participate in various IT Steering Committees to monitor risk and control developments. Work pro-actively with other CAS units around the world to build a network and ensure a consistent audit approach. Pre-requisites A bachelor or master degree in IT. Prior experience with a Big 4 accounting firm or a global internal audit department would be preferred In-depth technical knowledge of IT technologies and IT securityarchitecture applied to operating systems, network infrastructure, database management systems and web servers. Minimum 10 years' hands-on working experience in IT security or IT audit functions Experience with international and complex organisations Experience with vulnerability assessment tools (such as Nessus, Nexpose or OpenVAS) Willingness to travel (up to 30% - for audits outside of IBSS Manila) Certification in one or more of the following would be advantageous: Certified Internal Auditor (CIA) Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Offensive Security Certified Professional (OSCP) or Experienced Penetration Tester (OSEP) SANS Institute, Global Information Assurance Certification (GIAC) Penetration Tester (GPEN) Web Application Penetration Tester (GWAPT) Cloud Penetration Tester (GCPN) Exploit Researcher and Advanced Penetration Tester (GXPN) Mobile Device Security Analyst (GMOB) Red Hat Certified System Administrator (RHCSA) or Certified Engineer (RHCE) Microsoft Azure Security Engineer, Windows Server Hybrid Administrator Associate or Microsoft Certified Solutions Expert Cloud Native Computing Foundation Certified Kubernetes Security Specialist (CKS) or Kubernetes Administrator (CKA) Network Management/Security certification
Monster

Taguig City, Metro Manila
Permanent
Full-time