Description

Overview of Division/Department

Our Internal Audit Department (IAD) Asia-Pacific Office (IADAP) in Singapore is responsible for providing independent assessments of various risk and control environment of departments,
branches and subsidiaries, by conducting audits, credit review and continuous monitoring. IAD acts as an
independent consulting function, designed to add value, improve the Bank's operations and sound credit and other various risk management functions. Currently IADAP is responsible for the branches and subsidiaries in Singapore, Australia, Thailand, Myanmar, Cambodia, Malaysia, Indonesia, the Philippines, Vietnam, India, Hong Kong, Taiwan and South Korea.

Company Profile
MIZUHO BANK IS THE BANKING SUBSIDIARY OF MIZUHO FINANCIAL GROUP, WHICH IS HEADQUARTERED IN TOKYO, JAPAN. MIZUHO FINANCIAL GROUP, INC. IS THE 15TH LARGEST BANK IN THE WORLD, AS MEASURED BY TOTAL ASSETS OF APPROXIMATELY US 2 TRILLION. MIZUHO'S 55,000 EMPLOYEES WORLDWIDE OFFER COMPREHENSIVE FINANCIAL SERVICES TO CLIENTS IN OVER 800 OFFICES THROUGHOUT THE AMERICAS, EMEA, AND ASIA.

MIZUHO BANK SINGAPORE BRANCH HAS AN ESTABLISHED LOCAL PRESENCE WITH OVER 50 YEARS OF HISTORY AND SERVES AS THE REGIONAL HUB FOR THE BANK'S APAC OPERATIONS.

OPERATING WITH A FULL BANK LICENSE, MIZUHO BANK SINGAPORE BRANCH PROVIDES BANKING SERVICES TO OVER 2,000 JAPANESE AND NON JAPANESE CORPORATE CLIENTS, WITH A STAFF STRENGTH OF ABOUT 1,000 EMPLOYEES. WE PROVIDE EXPERTISE IN CORPORATE FINANCE, TRADE FINANCE, CASH MANAGEMENT, FUNDS TRANSFERS, PROJECT FINANCE, AND TREASURY SERVICES TO HELP BUSINESSES DEVELOP AND FIND NEW OPPORTUNITIES. WE ALSO COLLABORATE WITH OUR AFFILIATE COMPANY, MIZUHO SECURITIES, TO PROVIDE INVESTMENT BANKING SOLUTIONS TO OUR CLIENTS.

Job Responsibilities

• IT Project Review & Governance Audit:
  • Plan, execute, and report on audit assignments for both ongoing and completed projects, ensuring alignment with bank policies, regulations, and international standards (including MAS and ISO frameworks).
  • Assess project management processes for compliance with governance requirements, identifying risks in execution, cost, scope, and schedule.
  • Review project documentation for completeness, accuracy, and regulatory adherence, including risk assessments at various project phases.
  • Collaborate with project managers and stakeholders to advise on IT risk management and control design throughout project lifecycles, recommend process improvements and close identified gaps.
  • Monitor implementation of audit recommendations to ensure corrective actions are effective and timely.
• Integrated and Application Controls Audit
  • Evaluate effectiveness of application controls in banking platforms, focusing on completeness, accuracy, validity, authorisation, segregation of duties, and reliability of financial data processing.
  • Review both manual and automated controls, including system documentation, input, processing, output, data transmission, and master file controls.
  • Test application controls relevant to core banking systems, payments, regulatory reporting, digital channels, and financial products.
  • Analyse change management across applications, infrastructure, and databases, assessing the impact of releases and upgrades.
• System Development Lifecycle (SDLC) & DevSecOps/Agile Audits:
  • Assess design and operational effectiveness of controls across SDLC phases, including requirements gathering, development, testing, deployment, and maintenance.
  • Audit agile and DevSecOps practices to ensure continuous integration of security, compliance, and control requirements.
  • Evaluate security controls embedded in DevSecOps pipelines, such as automated code scanning, penetration testing, secure architecture reviews, and compliance validation.
  • Verify cloud and hybrid environment controls, ensuring alignment with MAS TRM and global regulatory standards.
• IT General Controls & Risk Management:
  • Conduct risk assessments for new and existing systems, focusing on data integrity, cybersecurity, fraud prevention, and compliance.
  • Advise on remediation of identified control weaknesses in collaboration with management, technical teams, and external auditors.
  • Provide recommendations for improving the bank's IT control environment and its application across new industry technologies (e.g. cloud, AI/ML, blockchain).
• Stakeholder Engagement & Reporting:
  • Engage proactively with IT, risk, compliance, and business teams to facilitate alignment of audit findings with business objectives.
  • Prepare and present thorough audit reports and risk assessments to senior management and audit committees.
  • Participate in continuous improvement initiatives for the audit function and deliver training on best practices in project and application auditing.
• Continuous Improvement:
  • Stay abreast of emerging technologies, regulatory requirements, and industry best practices.
  • Contribute to the enhancement of audit methodologies, tools, and frameworks.

Job Requirements

• Education & Experience:
  • Bachelor's degree in information technology, Computer Science, or equivalent.
  • 8-12 years of hands-on IT audit experience, preferably in a regulated banking or financial services setting.
  • In-depth knowledge of SDLC methodologies (Agile, Waterfall, Hybrid), application controls (including financial reporting systems), SDLC, Agile, and DevSecOps practices.
  • Hands-on experience with DevSecOps tools and frameworks.
  • Proficient in project management and risk assessment techniques.
  • Strong expertise in cybersecurity, cloud risk assessments, data analytics, application controls, IT general controls, and compliance with MAS TRM guidelines.
  • Excellent understanding of regulatory requirements and international standards (COBIT, NIST, ISO/IEC 27001, MAS TRM).
  • Superior analytical, communication, and stakeholder management skills.
  • Experience with data analytics platforms, enterprise security tools, and cloud environments is highly desirable.
• Additional Relevant Duties from Industry Best Practices:
  • Participate or observe in key testing events (e.g. BCP/DR), or critical system implementations.
  • Support ad-hoc investigations and management requests in relation to IT risk incidents, regulatory inquiries, or forensic analysis.
  • Lead audit programme development and documentation of findings in support of continuous maturity upgrades.
  • Drive adoption and standardisation of best practices in IT risk management and audit across the region.
• Banking Knowledge:
  • Familiarity with corporate and commercial banking products, processes, and regulatory requirements.
• Certifications (Preferred):
  • CISA, CISSP, PMP, or equivalent professional certifications.
• Core Competencies:
  • Excellent analytical, communication, and report-writing skills.
  • Ability to work independently and collaboratively in a multi-disciplinary team.
  • Strong stakeholder management and influencing skills.