Job Description & Summary

At PwC, our people in audit and assurance focus on providing independent and objective assessments of financial statements, internal controls, and other assurable information enhancing the credibility and reliability of this information with a variety of stakeholders. They evaluate compliance with regulations including assessing governance and risk management processes and related controls. Those in internal audit at PwC help build, optimise and deliver end-to-end internal audit services to clients in all industries. This includes IA function setup and transformation, co-sourcing, outsourcing and managed services, using AI and other risk technology and delivery models. IA capabilities are combined with other industry and technical expertise, in areas like cyber, forensics and compliance, to address the full spectrum of risks. This helps organisations to harness the power of IA to help the organisation protect value and navigate disruption, and obtain confidence to take risks to power growth.

Responsibilities:

• Job Description: Manager - IT Risk & Compliance
• Professional certifications such as CISA, CISM, or CISSP would be preferable.

Mandatory skill sets:

1. ITGC, SOX Testing & ITAC Controls:

• Plan, execute, and oversee IT General Controls (ITGC) audits and SOX compliance testing.
• Evaluate IT Application Controls (ITAC) to ensure system security, reliability, and compliance.
• Identify control gaps, provide remediation recommendations, and monitor follow-ups.

2. COSO Framework understanding:

• Good understanding of COSO framework, controls, principles and implementation methodology.

Preferred skill sets:

• Project Management:
• Manage and deliver multiple IT audit and compliance projects within defined timelines.
• Collaborate with internal teams and ensure project objectives are met.
• Client & Auditor Coordination:
• Liaise with overseas clients to ensure seamless delivery of compliance initiatives.
• Coordinate with external auditors for audit engagements, provide necessary documentation, and address audit queries.