Manager, IT Control, Compliance & Assurance

Averis

  • Kuala Lumpur
  • Permanent
  • Full-time
  • 1 day ago
Grow your career with us

Here at Averis, our common purpose is to improve lives by developing resources sustainably. Our people are crucial in helping us to realise our vision to be one of the best Global Business Solution (GBS) organizations to support our customers in creating value for the Community, Country, Climate, Customer and Company.

Responsibilities:

Position Summary

The IT Control Compliance & Assurance Manager will be responsible for planning, executing, and overseeing IT Control Compliance & Assurance programs across the company’s operations. This includes evaluating IT general controls (ITGC), application controls and compliance with relevant industry and internal standards.

This role also conducts IT compliance assessments and IT practice audits to evaluate the maturity, effectiveness, and consistency of IT practices to drive measurable improvement in control posture across sites.

Key Responsibilities

A. IT General Control Assessment & Independent Assurance
  • Perform design and operating effectiveness assessments for key ITGC domains:
    • Access Management
    • Change Management
    • Backup, Restore & DR
    • Logging & Monitoring
    • Patch & Vulnerability Management
    • Configuration Baselines / Hardening
    • SDLC & Release Management
  • Validate that LoD 1 maintains evidence, logs, tickets, and control documentation.
  • Evaluate the design and operating effectiveness of IT controls.
B. Pre-Project Implementation Audit and Audit Readiness Checks
  • Perform pre-project implementation audits for significant IT initiatives prior to go-live or major deployment.
  • Provide independent assurance and recommendations to project teams and control owners to address control gaps early in the project lifecycle.
  • Conduct pre-audit walkthroughs with control owners.
  • Verify completeness and quality of evidence before Internal Audit/External Audit testing.
  • Identify gaps early and ensure timely remediation.
C. IT Compliance Assessments and IT Practice Audit
  • Plan and perform periodic IT compliance assessments across operational locations.
  • Assess site-level adherence to:
    • IT General Controls (ITGC)
    • Security, operational controls and standards
  • Control design effectiveness, operating effectiveness, and consistency of execution across sites.
  • Identify systemic weaknesses, location-specific gaps, and recurring control failures.
  • Conduct risk-based IT practice audits focusing on how LoD1 executes day-to-day IT practices.
  • Translate findings into clear, actionable improvement recommendations.
D. Compliance & Policy Adherence Monitoring
  • Perform periodic compliance reviews against:
    • Group IT policies
    • Security standards
    • Hardening baselines
  • Flag non-compliance and escalate unresolved issues.
Required Qualifications & Skills
  • Bachelor’s degree in Information Technology / Computer Science / Information Systems / Cybersecurity / Business or related field.
  • At least 3–5 years’ experience in IT audit, IT compliance, internal audit, risk management, or related role.
  • Solid understanding of IT control frameworks and standards (e.g. COBIT, COSO, ISO/ISO-27001, general ITGC and application control concepts).
  • Strong analytical, problem-solving and risk-assessment skills; ability to identify control gaps and propose practical remediation actions.
  • Excellent written and verbal communication skills — able to produce clear compliance and assurance reports and communicate findings to technical and non-technical stakeholders at all levels.
Preferred / Additional Qualifications
  • Professional certifications such as CISA, CISM, CRISC, or ISO-27001 Lead Auditor are a strong plus.
  • Prior experience working in manufacturing, industrial, or production-oriented organizations — understanding of the interplay between IT systems and production/operations.
  • Experience with audit or compliance tools/software, data analytics tools (e.g. audit data analytics, log analytics), and ability to work with cross-functional teams.
When you send us your resume and personal details, you are deemed to have provided your consent for us to keep or store your information in our database. All the information you have provided is only used for the recruitment process. Averis will only collect, use, process or disclose personal information where and when allowed under applicable laws.
Only shortlisted candidates will be contacted for an interview. We endeavour to respond to every applicant. However, if you receive no response from us within 60 days, please consider your application for this specific position unsuccessful. We may contact you in the future if there are opportunities that match your qualifications and experience. Thank you for considering a career with Averis.
