Head of Internal Audit

Lead the company' Internal Audit function as a strategic, risk-based assurance partner to the Board of Directors and the Audit Committee. Drive integrated audit coverage spanning financial reporting, operational efficiency, IT and information security, management-system compliance, and enterprise risk across the group with approximately 19 entities in property, hospitality, and supporting services.

Internal Audit operates as the Third Line of Defense in governance, risk, and control framework — providing independent assurance over the first line (operational management) and second line (risk, compliance, and control functions). This is a transformation-oriented seat. We are looking for a leader who can modernize the audit function beyond traditional financial controls — building integrated assurance over ISO management systems, information security and data privacy, ESG, and end-to-end business processes — while remaining fully credible to OJK, BEI, external auditors, and the Komite Audit.

1. Audit Strategy & Leadership

• Develop and execute a multi-year, risk-based audit plan aligned with the group' strategic objectives and the group’s risk profile.
• Lead, develop, and mentor the Internal Audit team across financial, operational, IT, and management-system audit disciplines.
• Report directly to the Komite Audit on audit results, control deficiencies, root causes, and management remediation.
• Maintain Internal Audit independence and objectivity per the IIA International Professional Practices Framework (IPPF).
• Lead the Internal Audit Charter, methodology, and quality assurance & improvement program (QAIP).
• Build a data-analytics and continuous-auditing capability — deploying audit tools (e.g., ACL, IDEA, TeamMate, Power BI) to enable full-population testing, anomaly detection, and ongoing control monitoring across the Group.

1. Integrated Audit Coverage

• Financial audit: review of financial reporting, internal control over financial reporting (ICoFR), tax compliance, and consolidation across subsidiaries.
• Operational audit: end-to-end business process review, SOP compliance, value-for-money, and operational efficiency.
• IT and information security audit: ISO 27001/27701 compliance, cyber risk, guest and tenant data privacy under UU PDP.
• Management system audit: ISO 9001 (Quality), ISO 14001 (Environment), ISO 45001 (OH&S), ISO 42001 (AI governance), and ESG framework.
• Compliance audit: OJK, BEI, PSAK, statutory and regulatory adherence applicable to a listed property and hospitality group.
• Investigation and fraud audit when required, in coordination with the Komite Audit and Legal.

1. Risk & Process Improvement

• Maintain enterprise risk register and risk management framework in coordination with subsidiary leadership.
• Lead business process mapping, SOP creation, issuance, and standardization across the group — including drafting, reviewing, and maintaining the SOP library in coordination with process owners.
• Drive continuous improvement, cost efficiency, and process optimization programs that translate audit insights into operational value.
• Support ISO certification readiness and surveillance audits in coordination with accredited certification bodies.

1. Stakeholder & Governance

• Liaise with external auditors (KAP) on annual audit and quarterly review activities.
• Coordinate with regulators (OJK, BEI, DJP) on compliance, disclosure, and audit-related matters.
• Brief the Komite Audit quarterly on audit results, risk maturity, and control environment.
• Partner with subsidiary functional leaders on remediation of audit findings and adoption of best-practice controls.
• Oversee the Whistleblowing System (WBS) jointly with the Komite Audit — including intake, triage, investigation protocols, and reporting of substantiated cases to the Board.

Education

• Bachelor’s degree (S1) in Accounting, Finance, Industrial Engineering, Information Systems, or a related discipline.
• Master’s degree (S2) in Accounting, Finance, Business, or Risk Management is preferred.

Experience

• Minimum 12 years of progressive experience in audit (internal, external, or consulting); at least 5 years in a senior audit leadership role.
• Demonstrated experience leading audits across multiple disciplines — financial, operational, IT, and management systems.
• Track record of designing and implementing ISO management systems and integrated risk frameworks across multi-entity organizations.
• Exposure to listed companies (Tbk) and the OJK / BEI regulatory environment.
• Property, hospitality, or multi-subsidiary group experience is a strong plus.

Professional Certifications (one or more required)

• CIA — Certified Internal Auditor.
• QIA — Qualified Internal Auditor.
• CISA — Certified Information Systems Auditor.
• CPA / CA — Certified Public Accountant or Chartered Accountant.
• IRCA Lead Auditor — ISO 9001, ISO 27001, ISO 45001, or ISO 42001.
• Risk Management Professional certification (e.g., CRMP, FRM) is highly valued.

Due to the high volume of applications we are experiencing, our team will only be in touch with you if your application is shortlisted.