Job Description

The Regional IT Auditor will be responsible for conducting IT audits across the Asia Pacific region (especially for SMBC India Office). This role focuses on evaluating the effectiveness of governance, risk management, and control processes within information technology environments across SMBC APAC offices.Responsibilities

• Lead and/or execute Information Technology and Information Security audits independently and efficiently, which includes audit planning, key control evaluation and testing, report drafting, as well as follow-up and closure of issues. Perform these audit activities in accordance with the Bank\'s internal audit methodology.
• Assess the Bank\'s Information Technology and Information Security internal control environment to provide comprehensive insights into the current risk posture, identify potential vulnerabilities, and recommend strategic improvements. These recommendations aim to enhance the overall security framework and ensure compliance with regulatory requirements.
• Provide value-adding recommendations to management to address emerging issues or remediate identified weaknesses.
• Apply data analytics to assess the internal control environment.
• Establish and develop good working relationships with management of assigned Information Technology and Information Security functions, for which the candidate has been assigned risk assessment responsibilities.
• Contribute to the annual risk assessment exercise by developing a thorough understanding of the business strategy, plans, products, processes, performance, risks, and issues of the assigned Information Techology and information Security functions.
• Perform continuous monitoring on assigned Information Technology an Information Security functions to keep abreast on evolving markets, regulatory, business and operational changes to drive appropriate ongoing audit coverage.
• Perform continuous monitoring of assigned Information Technology and Information Security functions to stay informed about evolving markets, regulatory changes, business, and operational shifts. This ongoing monitoring helps drive appropriate audit coverage.
• Keep abreast of regulatory changes and industry best practices (e.g. MAS, RBI, APRA).
• Participate in the team\'s strategic initiatives and projects as opportunities arise.

• CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), or equivalent preferred.
• Familiar with the regulatory requirements specific to technology risk management (e.g. MAS, and RBI).
• Familiar with execution of risk-based audit approach.
• Strong understanding of IT audit methodologies, cybersecurity controls, frameworks (e.g., COBIT, ISO 27001, NIST), and ITGC (IT General Controls).
• Proficient in both spoken and written English.
• Good interpersonal and stakeholder management skills.
• Good team player as well as able to work independently.
• Meticulous, disciplined and self-motivated individual with the passion to pursue excellence.

Sumitomo Mitsui Banking Corporation