System Audit Assistant Manager

Get to know our Team:

Internal Audit is an independent function within Grab, providing objective assurance and advice to Grab’s overall operations. We use a systematic, disciplined risk-based approach in our work to evaluate and review Grab’s processes. Reflecting Grab’s entrepreneurial spirit, Internal Audit covers multiple business and technology areas as part of our work.

Get to know the Role:

As a systems auditor, you will interact with different teams within Grab. We are looking for someone who can bring his or her audit experience in a fast-paced environment. You will be asked to plan, manage and execute audit projects successfully. That means designing audit controls to evaluate technologies ranging from applications, cloud infrastructure to network.

The ideal candidate is someone who understands the concept of IT general controls and possesses a risk and control mindset. He or she will be able to apply this mindset into audit fieldwork and have experience or knowledge in either:

• Cloud Computing: This covers cloud architecture, cloud security and configuration. Understanding of AWS or Azure is a plus.

• Application Controls: This covers application interfaces, data reconciliation, access management

and application security.

Other knowledge such as DevSecOps, network, incident response or data analytics are advantageous and will be considered.

The day-to-day activities: 

• Advise and provide recommendations to stakeholders on risk and control issues, process improvement and compliance measures;

• Teach, train and share knowledge with other staff;

• Knowledge of best practices and standards related to IT security and audit controls;

• Knowledge of financial regulations and disciplines for countries in Southeast Asia;

• Lead and manage audit projects to completion;

• Perform fieldwork by understanding the design and implementation of controls and testing their effectiveness; and

• Follow up on identified audit or risk assessment issues.

The must haves:

• At least 5+ years of experience in IT audit, IT security or other relevant experience transferable to audit

• Able to plan, lead and execute audit projects from the beginning to the end

• Good engagement, communication and relationship management skills

• Good command of English in communication and report writing

• Ability to manage multiple tasks effectively and “roll up your sleeves” to do what it takes

• Willingness to expand the range of responsibilities as the company grows

• Be willing to travel when necessary

• Possess knowledge in either Cloud Computing or Application Controls

Nice to have:

• Knowledge in IT domains that can help in audit fieldwork. This can include areas such as red teaming, pen testing, DevSecOps, network, incident response or data analytics.

• Relevant Certifications (e.g. CISA, CISSP, GCIH, OSCP, AWS Security, Azure Security Engineer)

• Knowledge of Tableau software