The role holder would be responsible for managing the audit relating to Information Technology and Information Security of the Bank and KBZ Pay including risk assessment, evaluation of control effectiveness and ensuring compliance with regulatory requirements and KBZ’s policies and procedures.
Responsibilities
• Determine the scope, risk, and frequency of Information Technology (IT) audit in consultation with the Functional Audit Head and Head of Internal Audit
• Perform risk assessment of IT Controls including general controls and application-level controls, systems, data confidentiality, cybersecurity and any other emerging IT trends
• Perform risk assessment for mobile banking towards KBZ Pay and understand the controls towards it
• Draw up a risk matrix of inherent risk, controls and residual risks based on walkthroughs and in consultation with the IT function head and Superiors
• Develop an IT audit program and assist the team in developing audit steps to be performed
• Lead the audit team in performance of risk-based IT audit and reviews of systems, applications and IT processes for Bank as well as KBZ Pay
• Ensure that the team has maintained suitable work papers and audit documentation
• Discuss, verify and obtain agreement on audit findings, impact and audit recommendation with IT Function Heads and finalize the IT audit report
• Perform reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate
• Assist the Bank and KBZ Pay in strengthening the IT Governance, risk management and IT controls environment
• Performs an advisory role for all Value Centres and Functions from an audit and compliance perspective, through demonstrating deep understanding and know-how by keeping abreast of the key development in Systems & IT infrastructure/process areas in order to ensure overall operational efficiency and delivery of superior service standards

• Investigate and determine causes of irregularities/ errors and recommend corrective actions and improvement opportunities
• Perform pre and post implementation reviews for system implementations or enhancements
• Implement a tracking system to follow up on the open issues to validate the remedial actions put in place and escalate, if required
• Provide Functional Audit Head with regular progress reports and information on IT Audit in an accurate and timely manner and/or as requested
• Obtain regular updates from the team on progress for IT audits
• Assist the IA team on technology tools and techniques that can assist in better performance of audit
• Keep abreast of new developments, methods and techniques in banking and IT industry
• Drive a performance-based culture in the team by timely monitoring, review of performance parameters and feedback to the team members

• Bachelor’s or Master’s degree, ideally in Information Technology/Computer Information Systems or related field.
• Preferred with qualifications such as CPA, Certified Information Systems Auditor (CISA)
• Advanced level of English language (Written and spoken)
• Advanced level of Microsoft Office (Word, Excel, Power point, Outlook), IT audit methodologies, IT Applications, Banking software
• Advanced knowledge of cyber security audit, data loss prevention, etc.
• Thorough understanding of applicable laws including Myanmar Financial Institutions Law, regulations, directives, instructions and guidelines issued by the Central Bank of Myanmar
• Minimum 7 years of experience in a financial institution with at least 3-4 years in internal audit/ IT related activities
• Team management experience for 3-4 years
• Experience with IT Operations desirable
• Strong knowledge of standard audit practices and ability to apply them;
• Good analytical, investigative skills and attention to details
• Good knowledge of financial and operational audit; including bank or financial institution policies and procedures;
• Understanding of multiple technology domains including software development, Windows, database management and networking;
• Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations
• Ability to lead and manage audit teams;
• Ethical standards and integrity in both their personal and professional dealings;
• Strong communication skills and ability to communicate effectively with technical and non-technical audiences