Get to know our Team:
Internal Audit is an independent function within Grab, providing objective assurance and advise to Grab’s overall operations. We use a systematic, disciplined risk-based approach in our work to evaluate and review Grab’s processes. Reflecting Grab’s entrepreneurial spirit, Internal Audit covers multiple business and technology areas as part of our work.
Get to know the Role:
As a systems auditor, you will interact with different teams within Grab. We are looking for someone who can bring his or her audit experience in a fast-paced environment. You will be asked to plan, manage and execute audit projects successfully. That means designing audit controls to evaluate technologies ranging from applications, cloud infrastructure to network layers.
The day-to-day activities:
- Advise and provide recommendations to stakeholders on risk and control issues, process improvement and compliance measures;
- Teach, train and share knowledge with other staff;
- Knowledge of best practices and standards related to IT security and audit controls;
- Knowledge of financial regulations and disciplines for countries in Southeast Asia;
- Lead and manage audit projects to completion;
- Perform fieldwork by understanding the design and implementation of controls and testing their effectiveness; and
- Follow up on identified audit or risk assessment issues.
The must haves:
- At least 6+ years of relevant experience in auditing systems, evaluate IT controls and risk assessment in sizeable or multinational companies
- Outstanding engagement and management abilities with internal staff
- Excellent command of English in communication and report writing
- Proficiency in productivity tools (email, calendar, Word, Excel, PowerPoint)
- Ability to manage multiple tasks effectively and “roll up your sleeves” to do what it takes
- Willingness to expand range of responsibilities as the company grows
- Able to plan, lead and execute audit projects
- Understand and mapping architecture layout for applications, interfaces and infrastructure
- Possess a risk and control mindset to be able to audit new technologies
- Possess knowledge in at least one of the following domains:
- Application security assessment: Security assessments using tools such as BurpSuite or Drozer for mobile applications.
- Understand and analyse source codes
- Infrastructure security assessment: Security testing using Kali Linux or equivalent tools. Understand vulnerabilities at operating systems and network protocols
- Secured software development: Knowledge in programming languages such as Go, Java or SWIFT and CI/CD workflows with secured coding
- Virtualisation and cloud technologies: Understand hypervisor, infrastructure cloud and application container technologies
- Network operations: Understand network layers and protocols, network access controls, configuration settings and firewall rules
- Incident response and forensics: Knowledge in sandboxing malware, incident response and investigation work
- Data analytics: Knowledge in design, analyse data and build dashboards relevant to audit work using tools such as Tableau
- Start-up experience, banking or financial services preferred
- Stay current on industry standards, and develop strong relationships with private sector counterparts;
- Existing network of private and public sector contacts
- Be willing to travel when necessary
