• Provides objective assurance to Management and the Board of Directors thru Audit Committee as to the adequacy of controls, compliance with IT policies, procedures and established standards including the level of security applied within the IT environment to better safeguard the Bank assets, systems, and information resources.
• Establishes the IT Audit Annual Plan, which involves coordinating with IT Management on the technological solutions, infrastructure and new business system plans/direction of the bank. Reviews the results of risk based evaluations of the IT organization to determine the extent of the reviews for each IT audit area as well as to set the division’s audit schedule and the corresponding required resources.
• Manages the implementation of IT audit plan and programs to identify weak or lacking IT general and application controls. Reviews audit documentations prepared by IT Audit Department Heads are in accordance with departmental, IAG, and professional standards.
• Oversees the IT Audit review of Bank systems during Systems Development Life Cycle phases, to provide Management with an independent evaluation that adequate project management is in place and that business applications have been developed in a secure and controlled environment.
• Guides IT Audit personnel in revisiting implemented business applications and evaluates the effectiveness of systems in achieving user and management objectives.
• Recommends effective and reasonable process and control improvements, and monitors the follow-up activities for the implementation of audit recommendations.
• Directs IT Infrastructure audit (IT Division and its various support units) to determine the effectiveness, efficiency, and reliability of information technology support functions and activities.
• Determines whether the Bank complies with procedures and control practices of external groups to which it is affiliated with (e.g., BancNet). Interacts with external groups, IT Management and business users in monitoring implementation of the consortium’s established procedures and control standards for the bank’s products, automated business support processes, and other applications with external interfaces.
• Leads the communication/discussion of audit findings, observations and recommendations in a timely and persuasive manner, both verbally and in writing, to IT Line Management before approving a final report.
• Provides IAG Head with monthly reports/summaries of the Division’s progress, the status of various projects, and of decisions made by concerned steering and working committees regarding features, enhancements, and operations of each system including audit recommendations for reporting to the Board of Directors through the Audit Committee.
• Provides consulting services related to IT controls in the review of new and existing policies and procedures (i.e. Anti-Virus Policies, Security Policies, Corporate E-mail and Internet Policies)
• Develops the IT Audit Manual and continuously reviews the processes and standards of the Division. Recommends updates or enhancements based on developments in information technology, audit techniques, IT auditing principles, practice and standards.
• Trains, guides, and motivates IT audit personnel in the application of audit programs and techniques in conducting IT Audit reviews. Enhances IT Audit functions for the development and retention of highly qualified and professional division officers and staff. Reviews performance, provides feedback, and recommends merit increases, promotions, or disciplinary sanctions when appropriate.
• Performs complex audits and special investigations for highly confidential information system matters on an ad-hoc basis and other audit management functions as assigned by IAG Head.
• Serves as Team Leader in the Business Continuity Procedure / Plan (BCP)
a. For scenarios or events confined or limited only to the Team’s specific area of responsibility, perform initial assessment of the situation. Authorize the implementation of initial actions necessary to alleviate or contain the emergency. Activate the BCP.
b. Communicates instructions from the EMCOM following the defined communication flow.
c. Provides over-all supervision to units under their assigned areas during emergencies.
d. Reports updates regarding the emergency up to restoration of normal process to the EMCOM.
e. Submits required reports on or before the specified deadline using standard templates.
a. Conducts orientation/training on the approved BCP to units under assigned areas.
b. Supervises the unit’s participation in BCP tests scheduled by the EMCOM; reports problems encountered during testing, and consolidates the BCP test results for reporting to the EMCOM.
c. Conducts annual review of the departmental BCPs and recommends revisions, as necessary, to conform to existing business requirements/set/up. Recommends approval of the BCP revisions to the EMCOM.
d. As needed, updates the details of specific persons listed / named in the department’s / branch’s call tree.
e. Maintains a copy of the Team’s call tree,
f. Conducts orientation on new/revised departmental BCP guidelines.
g. Identifies pool of existing employees within each unit/area or with other units who will be trained in key operations in the assigned area of responsibility.
h. Submits required reports on or before the specified deadline using standard templates.
• Actively participates in Service Quality initiatives and ensures that satisfactory ratings in such initiatives are attained.
• Performs miscellaneous audit functions when the need arises.
- Candidate must possess at least a Bachelor’s/College Degree , Computer Science/Information Technology or equivalent.
- Required skill(s): IT Auditing, CISA, Audit Command Language Acl.
- At least 5 – 10 year(s) of working experience in the related field is required for this position.
- Must be came from financial institutions, bank, insurance or any other related course.
- Applicants must be willing to work in Makati City.
- Preferably Assistant Manager / Managers specializing in IT/Computer – Network/System/Database Admin or equivalent.
- Full-Time position(s) available.