JOB DESCRIPTION

Head - IT Audit

- Senior Leadership | Finance & Controls | Manufacturing Preferred

Role Purpose

The Head - IT Audit will be responsible for independently assessing the design and operating effectiveness of IT controls across the organization. The incumbent will anchor enterprise-wide IT risk assurance, drive ERP audit coverage, and partner with senior leadership on technology governance. Manufacturing sector exposure will be a distinct advantage given the operational technology (OT) and ERP landscape.

Key Responsibilities

IT Audit & Assurance

- Lead end-to-end IT audit assignments covering ERP systems (SAP / Oracle), application controls, ITGC, cybersecurity, and data governance

- Execute risk-based annual IT audit plan aligned with enterprise risk framework

- Conduct audits of IT infrastructure, cloud environments, network security, and access management

- Evaluate IT controls embedded in financial reporting processes (SOX / IFC compliance)

Manufacturing & OT Systems

- Assess controls over SCADA, MES, and other operational technology systems in plant environments

- Review IT/OT convergence risks specific to shop floor automation and connected manufacturing

- Audit ERP integration with production planning, inventory, and supply chain modules

Risk & Governance

- Identify and articulate IT risks in business language for Board / Audit Committee presentations

- Drive IT risk register updates and monitor remediation of high-priority findings

- Support implementation of IT governance frameworks (COBIT, ISO 27001, NIST)

- Provide inputs to enterprise risk management on emerging technology risks

Stakeholder Management & Reporting

- Present audit findings and recommendations to C-suite, Audit Committee, and external auditors

- Collaborate with IT, Finance, and Operations heads on control design improvements

- Coordinate with Big 4 / statutory auditors on IT audit reliance and co-sourcing engagements

Team & Function Building

- Build and manage a team of IT audit professionals; establish quality standards and methodology

- Drive adoption of data analytics and CAATs tools within the audit function

Mandatory Qualifications & Certifications

CISA

Certified Information Systems Auditor (ISACA) - MANDATORY

CA

Chartered Accountant - ICAI - MANDATORY

Preferred Add-ons

CISM | CISSP | CIA | ISO 27001 Lead Auditor

Experience Profile

- 12-15 years of progressive experience in IT audit, IT risk, or information security assurance

- Minimum 5 years in a leadership / managerial role overseeing IT audit teams

- Hands-on experience auditing ERP platforms - SAP (preferred), Oracle, or equivalent

- Deep expertise in ITGCs, application controls, SOX / IFC IT control testing

- Prior exposure to manufacturing, FMCG, industrial, or process industry environments is a strong plus

- Experience working with / for Big 4 or top-tier internal audit functions will be valued

- Familiarity with GRC tools (RSA Archer, ServiceNow GRC, or similar) preferred

Technical Competencies

Core IT Audit

- IT General Controls (ITGCs)

- Application Control Reviews

- ERP Audit (SAP / Oracle)

- Cybersecurity Audits

- Cloud & Infrastructure Reviews

- Data Privacy & GDPR / PDPA

Frameworks & Standards

- COBIT 2019

- ISO 27001 / 27002

- NIST Cybersecurity Framework

- SOX / IFC IT Controls

- IIA Standards (IPPF)

- ITIL / IT Service Management

Leadership & Behavioural Attributes

- Executive presence - ability to communicate risk and control issues to non-technical stakeholders

- Strong commercial acumen combining financial controls with technology risk judgment

- Independent and objective - capable of holding difficult conversations with senior management

- Data-driven mindset; champions use of analytics in audit execution

- Collaborative approach in working with IT, Finance, Operations, and legal teams

- High integrity and professional ethics; role model for audit independence standards