it auditor / internal auditor (subject matter expert).

We are seeking a highly specialized and experienced IT Auditor / Internal Auditor (Subject Matter Expert) to join We are looking for an Industry Master—someone who doesn't just follow guidelines but challenges them. You will be the SME stepping into complex Joint Ventures (JVs), M&As to build a legacy of governance. We need a "Hunter" mindset: someone who understands the end-to-end (E2E) lifecycle of a refinery as deeply as they understand Transfer Pricing and Cybersecurity.

about the job

Engineering & Operational SME

• Deep knowledge of Project Management from inception to completion, including procurement, contract governance, and invoicing.
• You understand the mechanics of Refineries (Upstream/Downstream), R&D, Shipping, and Quality Assurance.
• You can walk onto a site and identify operational risks, specifically in inventory management and safety protocols.

Financial Architecture & M&A

• Expertise in high-level finance including Treasury, Transfer Pricing, Hedging, and complex M&A integrations.
• Ability to standardize reporting across diverse affiliates, JVs, and complex global structures.
• Strong foundation in Taxation, Legal frameworks, and Sustainability reporting.

The Cybersecurity Pillar (Non-Negotiable)

• Lead and execute end-to-end technical cybersecurity audits, focusing on every aspect of the control environment, from design effectiveness to operational execution.
• Contribute to the design and implementation of the regional cybersecurity audit program, detection methods, and risk assessment frameworks.
• Strong foundation in Cybersecurity audits. We expect mastery in ISO 27001, SOC 2 Type II, and NIST/NCA frameworks.
• Assess the proper use of security tools, firewalls, and data leakage prevention (DLP) systems, and ensure compliance with regional APAC regulations.
• Audit the effectiveness of security incident response, breach detection, and reporting protocols.
• Plan and perform comprehensive audits of SAP HANA systems, focusing on the integrity of the in-memory database and associated applications.
• Review the effectiveness of controls embedded within critical business processes (e.g., Treasury, Finance, HR SuccessFactors) that utilize SAP, particularly focusing on process automation and system-driven controls.
• Audit users and system-level security, including advanced segregation of duties enforcement within the SAP environment.
• Define and execute the audit strategy for managing organizational risk arising from public cloud services, including specific expertise in iCloud audit.
• Differentiate between, and test controls for, internal (corporate-managed), external (vendor-managed), and hybrid cloud deployments.
• Assess controls related to data retention policies, data leakage prevention across APAC regions, and the proper use of encryption and access logs in cloud storage.
• Evaluate compliance with varying data privacy and security regulations across multiple jurisdictions in the APAC region.

skills and experience required
Minimum 10 to 15 years of progressive experience in IT Audit, Information Security, or a highly technical risk function.

Experience with "rolling up the sleeves" and performing deep, technical, hands-on audit work, not just overseeing staff.

Demonstrated expertise in auditing enterprise systems (SAP HANA, S/4HANA, SuccessFactors) and complex cloud/SaaS environments (iCloud, AWS/Azure governance).

A strong portfolio of multiple security/cloud certifications (e.g., CISSP, CISM, CCSK, CISA relevant SAP security certifications) is highly desirable.

whats an offer
This a permanent opportunity for an IT Auditor / Internal Auditor (Subject Matter Expert), offers a salary range of $ 10,000 to $ 15,000, inclusive of benefits.

To apply online please use the 'apply' function, alternatively you can reach me at
https://www.linkedin.com/in/Oliviatoh-032330132/. (EA: 94C3609 / R22109942)