Get to know our Team:
Internal Audit is an independent function within Grab, providing objective assurance and advice to Grab’s overall operations. We use a systematic, disciplined risk-based approach in our work to evaluate and review Grab’s processes. Reflecting Grab’s entrepreneurial spirit, Internal Audit covers multiple business and technology areas as part of our work.
Get to know the Role:
- As a systems auditor, you will interact with different teams within Grab. We are looking for someone who can bring his or her audit experience in a fast-paced environment. You will be asked to plan, manage and execute audit projects successfully. That means designing audit controls to evaluate technologies ranging from applications, cloud infrastructure to network.
- The ideal candidate will either be a systems auditor who understands IT general controls and possesses specialised knowledge in one of the IT security domains listed below, or an existing practitioner in one of the domains below and wishes to pursue a career in audit. Possible domains include:
- Red teaming / Penetration testing
- DevSecOps / Secured software development
- Cloud security / Cloud architecture
- Network operations / Network architecture
- Incident response / Computer forensics
- Data analytics / Machine learning
The day-to-day activities:
- Advise and provide recommendations to stakeholders on risk and control issues, process improvement and compliance measures;
- Teach, train and share knowledge with other staff;
- Knowledge of best practices and standards related to IT security and audit controls;
- Knowledge of financial regulations and disciplines for countries in Southeast Asia;
- Lead and manage audit projects to completion;
- Perform fieldwork by understanding the design and implementation of controls and testing their effectiveness; and
- Follow up on identified audit or risk assessment issues.
The must haves:
- At least 5+ years of experience in IT audits, IT security or other relevant experience transferable to audit
- Able to plan, lead and execute audit projects from the beginning to the end
- Good engagement, communication and relationship management skills
- Good command of English in communication and report writing
- Ability to manage multiple tasks effectively and “roll up your sleeves” to do what it takes
- Willingness to expand the range of responsibilities as the company grows
- Possess knowledge in AT LEAST one of the IT domains below:
- Application security assessment: Security assessments and penetration testing knowledge for mobile applications. Understand and analyse source codes
- Infrastructure security assessment: Security assessment and penetration testing knowledge for infrastructure and network. Understand vulnerabilities at operating systems and network protocols
- Secured software development: Knowledge in programming languages such as Go, Java or SWIFT. Knowledge in CI/CD workflows and secured coding practices
- Virtualisation and cloud technologies: Understand infrastructure as a service and application container technologies. AWS knowledge is a plus
- Network operations: Understand traditional network layers and protocols, network access controls and firewall rules. Knowledge on AWS networking such as security groups and VPC components
- Incident response and forensics: Knowledge in sandboxing malware, incident response and investigation work for cloud instances, memory forensics and endpoint devices
- Data analytics: Knowledge in designing logic, analysing data and building dashboards to automate audit work and testing. Knowledge on Tableau is a plus
- Start-up experience, banking or financial services preferred
- Be willing to travel when necessary
