Title: Information Technology Internal Auditor
The IT Internal Audit Lead is responsible for developing and implementing internal audit projects focusing on the assigned region's cyber/data security, computer operations, IT compliance, and other IT concerns in need of immediate action. He ensures that critical activities for the audit is effectively performed, namely: planning and development of audit projects, identifying the issues, risks, and opportunities, providing recommendations on regional processes and controls, communicating results to clients and executives, and following-up on action plans of agreed recommendations. He will oversee the team’s performance so that a high-quality and timely audit reports are presented to clients and executives.
Audit Plan Development, Implementation and Monitoring
- In collaboration with senior management and the audit committee, develop a comprehensive and workable IT audit plan of annual and long-term audit coverage for the Jollibee Group of Companies using the risk-based methodology. Provide key inputs on the Division’s strategic plans.
- Implement the assigned region’s IT audit plan and design programs responsive to the risks and priorities identified, including, as appropriate, any special tasks, ad-hoc audits or project reviews requested by management.
- Determine, deploy and manage resources required to carry out the IT audit plan, ensuring that these are appropriate, sufficient and effective to carry out the audit plan.
- Review and approve the engagement plan, including the objectives, scope, audit strategies and procedures set by the assigned auditor. Evaluate audit procedures and design or innovate practical and responsive audit approaches and strategies.
- Monitor the achievement of the audit plan. Timely communicate updates to senior IT audit manager, providing information on the status and results of the audit plan.
- Coordinate IT audit activities with external auditors and other units performing assurance activities in the Company to ensure proper audit coverage, eliminate duplication of effort, and improve efficiency and effectiveness of audit activities.
Assurance and Consulting Engagements
- Lead the regional audit team in information systems process reviews, assurance and consulting engagements in the JFC Group of Companies, bringing about cost-effective recommendations to audit issues and business risks and organizational savings.
- Direct or perform analyses and investigations involving information systems fraud, data breaches and unethical misconduct and recommend measures for their correction and prevention. Coordinate with lawyers and other parties on fraud cases and filing of cases. Design supplemental procedures in IT audit programs or develop IT fraud audit procedures to disclose risk or existence of fraud.
Communicating Audit Results and Monitoring Implementation of Action Plans
- Communicate the results of reviews through written audit reports and audit conferences with top and operating management. Review audit reports completed by the audit team and ensure that these are accurate, impartial, clear, succinct, constructive, value-adding and timely.
- Provide periodic reports to senior IT audit manager on the significant IT audit issues and agreed resolutions. Influence to drive implementation of recommended resolutions for escalated unresolved audit issues.
- Monitor the effectiveness of remediated activities and work with management to ensure any residual risks are addressed.
- Conduct quality assurance review of reports and audit working papers to ensure conformance with the Internal Auditing Standards.
Personnel and Talent Development
- Monitor performance of IT staff auditors against set standards, identify and discuss their strengths and areas for improvement. Determine their training and development needs. Develop, together with the staff, their career path. Administer effective discipline, as necessary.
- Coach and mentor staff auditors on IT audit methodologies and processes and provide technical knowledge and information on related areas or functions to enable efficient and effective conduct of audit.
- Motivate and inspire staff auditors to successfully meet their key job responsibilities and to elicit optimal performance and their full potential.
Leadership and Innovation
- Maintain technical expertise in the field of information technology and apply leading practices on audit methodologies on audit data assessment, integration, analysis, and evaluation.
- Conduct external benchmarking as necessary.
JOB QUALIFICATIONS
- Graduate of Computer Science, IT Engineering, Information Systems, or Accountancy.
- At least 3 years of experience in information technology auditing, combined audit/IT audit, or relevant information security or information technology roles.
- Proven expertise in auditing IT business processes, systems, controls, applications, infrastructure, networks, computer hardware, software, and operating systems.
- Preferably certified in auditing and information security domains (at least one of the following: CIA, CISA, CISM), but not required.
- Willing to be assigned to Ortigas, Pasig City (hybrid set-up).