Job Details
Language Requirements: English/Familiar; Melayu/Familiar
Job Description
Summary :-
To evaluate the adequacy and effectiveness of IT controls, cybersecurity measures, and regulatory compliance within the organization. The role supports GIA’s mission to provide independent assurance over IT governance, risk management, and internal controls, particularly within the payment services ecosystem.
Job Responsibilities :-
1. IT Audit Planning & Execution
Plan, execute, and document IT audits covering infrastructure, applications, databases, IT project implementation and cybersecurity.
Perform audits in accordance with risk-based audit plans and relevant professional standards.
Identify control weaknesses and propose practical, risk-based recommendations.
2. Regulatory Compliance
Independently assess IT-related compliance with Bank Negara Malaysia (BNM) regulatory requirements, with a focus on RMiT, MAPD, and MCIPD, to ensure alignment with regulatory expectations and identify potential control gaps.
Review and evaluate the adequacy and effectiveness of controls implemented to meet the requirements of PCI DSS, ISO/IEC 27001, and other applicable industry standards.
3. IT Risk Assessment
Assess the effectiveness of management’s oversight and controls over IT-related risks, including those associated with cybersecurity, technology infrastructure, change management, and third-party service providers, to ensure risks are appropriately identified, mitigated, and monitored.
Evaluate the adequacy and effectiveness of risk mitigation strategies and the robustness of business continuity and disaster recovery processes.
Provide independent assurance on the organization's IT Security Risk Assessment (ITSA) process, ensuring it aligns with regulatory expectations and industry best practices.
4. Reporting & Follow-up
Prepare clear and concise audit reports with actionable findings and root cause analysis.
Present audit outcomes to stakeholders, including senior management and relevant committees.
Monitor remediation progress and verify closure of audit issues.
5. Stakeholder Engagement & Advisory
Liaise with IT, Information Security, CISO, and Compliance departments.
Provide advisory input on IT risk, control design, and compliance matters.
Stay abreast of emerging threats, technologies, and regulatory changes relevant to the payment industry.
Job Requirements :-
Candidate must possess a minimum of five (5) years of working experience in IT audit, preferably in the financial services or payment industry.
Strong knowledge of IT Infrastructure, security controls and payment systems.
Analytical mindset with attention to detail.
Strong communication and report writing skills.
Ability to work independently and manage multiple assignments.
Good command of English and Bahasa Malaysia.
Working location: Bandar Sri Damansara, Kuala Lumpur.
Education Requirements :-
Candidate must possess at least a Bachelor’s Degree in Information Technology, Cybersecurity or related field – CISA, CISM, CISSP and ISO 27001.