IT Staff Auditor

Role Overview
The IT Staff Auditor will be responsible for supporting IT compliance programs across multiple platforms (primarily SAP and other third-party systems). The role focuses on Sarbanes-Oxley (SOX) IT General Controls (ITGC) testing, maintaining the IT Risk Control Matrix, and contributing to other compliance frameworks such as ISO 27001, CMMC, GDPR, and regional audit requirements. You will work closely with IT, Information Security, Business Compliance, and Internal Audit to ensure controls are designed, tested, and remediated effectively.

Key Responsibilities

  • Perform and review SOX ITGC testing (access, change management, program development, computer operations) across applications, databases, operating systems, and networks.
  • Maintain and update the IT Risk Control Matrix, ITGC narratives, testing procedures, and issue logs.
  • Assist with annual IT risk assessments, including identification of key financial systems, control evaluation, and test plan development.
  • Collaborate with IT teams to remediate deficiencies and improve control effectiveness.
  • Support ISO 27001 certification, GDPR implementation, and other compliance programs as needed.
  • Evaluate third-party SOC 1/SOC 2 reports against system control requirements.
  • Provide audit support for system development lifecycle (SDLC) projects and key control deliverables.
  • Act as liaison with internal/external auditors and ensure timely communication of ITGC issues.
  • Identify opportunities for automation and process improvements in ITGC testing.
  • Contribute to training, documentation, and awareness efforts for IT controls.

Requirements

  • Bachelor’s/Master’s degree in IT, Computer Science, or related field.
  • 3–5 years of IT audit or compliance experience.
  • Strong knowledge of SOX ITGC frameworks, COBIT, and NIST.
  • Broad understanding of IT infrastructure (OS, databases, networks, ERP).
  • Experience executing and reviewing ITGC test results, with ability to recommend and track remediation.
  • Strong stakeholder management, communication, and documentation skills.
  • Nice to have: SAP ECC/BW/SCM/PI/PO/TM/BOBJ experience, SAP GRC (SOD analysis), CISA/CIA certification, ISO 27001/NIST 800.x/CMMC exposure, project management skills.
Job Type: Contract (12 Months Renewable)
Job Location: Penang

Apply for this position

Allowed Type(s): .pdf, .doc, .docx