Apply now »

Job Title:  Senior Manager - IT Audit

Job Number:  23083

Country: Malaysia
Kuala Lumpur
Function: Finance
Level: Experienced Professional
Appointment Type: Permanent

Purpose Statement

To lead and control complex IT (infrastructure, cyber and application) audits within the group (or its suppliers), managing and coordinating the delivery of internal annual audit plan and risk management processes in line with strategic direction.  To manage and develop the IT Audit Team globally to ensure the Institute of Internal Audit (IIA) professional standards are met and BAT IA’s objectives are achieved.




Strategic Scope: Execution of strategy / Process custodianship.

Reporting Level: Manager of Managers with up to 6 direct reports (including acting as audit assignment Lead or Controller).


Key Accountabilities


  • Prepare and gain agreement to IT audit plans based on the risk profile and objectives of the target business area.  Optimise audit resource allocation to ensure achievement of the audit plan considering skills needed and requirements of the business.
  • Leads complex IT internal audits in order to form an independent and objective view on risk management practices and the internal control environment by:
    • Writing reports for management and Audit Committees that clearly and accurately explain the audit findings, their cause and impact on the defined business process objectives.
    • Agreeing action plans with management to bring about the necessary improvements in the processes.
    • Collating relevant governance reports from management.
    • Monitoring and reviewing audit field work / deliverables and ensuring that it is completed to an acceptable level of quality and conducted in a professional and timely manner.
    • Performing ad hoc investigations and supporting senior management enquiries.
    • Ensuring all audit work is fully documented within the Audit Management System in line with IIA Standards and the BAT Business Audit Methodology.
  • Communicate and review audit results with key IT stakeholders, liaising with management to adopt recommendations that improve internal control systems and risk management.
  • Assisting in the delivery of a best practice audit and business risk service with a focus on IT.
  • Prepare for and coordinate the activities of relevant Audit Committees, providing support to the Committee Chairman and Management, where required.
  • Coordinate and or participate in the delivery of IT training to Audit staff to support the global delivery of audit services.
  • Line management responsibility for Senior Auditors, Audit Managers and Audit Project Team management responsibility for individual assignments.  This includes timely and clear feedback on their performance and development needs.


Contextual Information


i. Additional Context




ii. Knowledge, Skills and Experience


  • Degree educated with relevant professional qualification.
  • Significant experience of security and IT risk management principles including NIST, ISO, ITIL and COBIT.
  • Experience in cloud computing (including data management) concepts, technologies and risk mitigation practices.
  • Significant experience with significant accounting firm and/or corporate industry experience, including SOX.
  • Significant experience in SAP Basis and articulating SAP system exceptions into non-technical business relevant impact scenarios.
  • Relevant qualification of either CISA, CRISC, CISM or CISSP.
  • Significant experience dealing with external auditors, statutory and regulatory bodies.
  • Experience in a global FMCG or similar dynamic operating environment and a good understanding of the tobacco business.


iii. Working Relationship



  • Align internal audit activities with the review activities of other BAT departments (e.g. Second Line of Defence Teams including Business Controls Team (BCT), EH&S, Global Security, IT Security and other review activities).
  • Business unit managers and suppliers –credible and strong working relationship and stay current with business developments.
  • IT/Project Management/Change programmes – provides expert advice, guidance and auditing in the areas of risk management and controls.



  • External Auditors – ensure that they provide added value services, agree an annual evaluation of their performance



British American Tobacco is one of the world’s leading multinational companies, with brands sold in over 200 markets, made in 44 factories in 42 countries.

We are proud that we are consistently among the top 5 companies on the London Stock Exchange.

Our portfolio includes our world-famous Global Drive Brands – Dunhill, Kent, Lucky Strike, Pall Mall and Rothmans – along with many other leading international brands, such as Vogue, Peter Stuyvesant and State Express 555.

Alongside our traditional tobacco business, we are also developing products that offer consumers potentially less risky alternatives to regular cigarettes. Our Next Generation Products are already leading the way in the Industry of vapour and tobacco heating devices. We continue to develop a solid portfolio of consumer solutions which already include well known global brands like Vype, glo and Voke.

Contractual Legal Entity: BAT Aspac Svc Centre S.B. (MY51)

Apply now »