Manager - Internal Audit & Risk REF-J01-537

Job Description

The Manager – Internal Audit & Risk is a key leadership role responsible for providing independent assurance and strategic oversight across Mercans’ global payroll outsourcing and SaaS delivery operations. This role leads internal audits, manages enterprise risks, ensures regulatory compliance, and actively contributes to continuous process improvement. The role also focuses on auditing and monitoring contract compliance, service level adherence, and root cause analysis (RCA) for operational failures—ensuring service excellence and contractual integrity across client engagements.

Qualifications / Skills

Minimum Requirements for Candidates

  • Bachelor’s degree in Accounting, Finance, Business Administration, Engineering, or a related field.
  • Proven experience in auditing client delivery operations, service contracts, IT platforms, and regulatory compliance frameworks.
  • Familiarity with root cause analysis (RCA), CAPA processes, and issue tracking tools.
  • Expertise in global standards and frameworks (e.g., GDPR, ISO, SOC).
  • Proficiency in using audit, risk, or analytics platforms.
  • Preferred certifications: CIA, CISA, CRMA, CPA, ISO 27001 Lead Auditor.

Expectations for Ideal Candidates

  • Bachelor’s degree in Accounting, Finance, Business Administration, Engineering, or a related field.
  • Preferred certifications: CIA, CISA, CRMA, CPA, ISO 27001 Lead Auditor.
  • Proficiency in using audit, risk, or analytics platforms.
  • Excellent communication and stakeholder management skills.
  • Ability to manage multiple tasks and meet tight deadlines.
  • Minimum of 7 years of experience in internal audit, risk management, compliance, or SLA governance—preferably in SaaS, BPO, or payroll outsourcing environments.

Responsibilities

  • Design and execute a comprehensive, risk-based internal audit plan across financial, operational, IT, and compliance areas—specifically targeting payroll delivery, SaaS platform, client lifecycle processes, and back-office operations.
  • Conduct process efficiency and compliance audits to evaluate workflow effectiveness, automation, internal controls, and adherence to policies across business functions.
  • Conduct periodic SLA and contract compliance audits to verify fulfillment of client-specific service commitments (e.g., TAT, accuracy, reporting, platform availability).
  • Review delivery metrics, issue logs, and system data to assess SLA performance and contractual obligations.
  • Maintain and evolve the enterprise risk management (ERM) framework to identify, assess, and mitigate operational, compliance, data security, and third-party risks.
  • Perform quarterly risk assessments and ensure appropriate mitigation plans are in place and monitored.
  • Actively participate in Root Cause Analysis (RCA) processes for SLA breaches, audit findings, client escalations, incidents, and non-conformances.
  • Support process owners in identifying systemic breakdowns, contributing factors, and long-term preventive measures.
  • Ensure continuous compliance with internal policies and external regulations including ISO 27001, ISO 9001, ISO 27701, ISO 22301, SOC 1 & 2 Type 2, GDPR, NIST, and country-specific payroll rules.
  • Handle RFPs, client due diligence questionnaires, and annual information security self-assessments.
  • Provide periodic reports on audit findings, risk posture, compliance gaps, and control effectiveness to the senior management team, audit committee, and other key stakeholders.
  • Collaborate with cross-functional teams including Payroll Operations, Implementation, Product, HR, and Compliance to embed controls and mitigate operational risks.
  • Develop and deliver training programs on audit readiness, SLA compliance, risk mitigation, and information security best practices.
  • Implement continuous auditing techniques using data analytics tools to proactively detect anomalies, control failures, or policy deviations in real time.
  • Conduct audits and due diligence reviews on third-party service providers involved in payroll processing, software development, cloud hosting, or compliance.
  • Review and test the effectiveness of business continuity and disaster recovery plans across payroll operations and technology infrastructure.
  • Standardize and maintain the organization’s internal control framework aligned with COSO, COBIT, or ISO models.

Closing: 15.05.2025