Internal Audit Senior Manager - Fintech Payment
GoTo Group · Indonesia
About the Role At GoTo, our business continues to evolve through rapid technological advancements and an ever-changing regulatory landscape. As an Internal Audit Senior Manager, you will play a key role in strengthening our risk-based assurance framework across both technology and business operations. Working at the intersection of governance, technology, and financial regulation, you’ll help ensure our control environment remains scalable, secure, and compliant while supporting the growth of one of Southeast Asia’s leading digital ecosystems. This role offers the opportunity to work closely with senior leadership, gain exposure to complex technology platforms, and shape audit strategies that strengthen governance across our business.
What You Will Do: Lead regulatory audits related to the payment business, including new product filings, Anti-Money Laundering (AML), ISO standards, and other regulatory requirements. Lead and mentor a team of auditors in planning, coordinating, and executing risk-based audits across technology infrastructure, software applications, and core business processes. Manage end-to-end audit projects, including resource planning, timelines, budget management, and quality assurance reviews. Prepare clear and structured audit reports, translating complex technical findings into actionable recommendations for senior management, executive leadership, and regulatory reporting. Act as the Audit Committee secretariat by coordinating, preparing, and aligning materials for periodic Audit Committee meetings across relevant governance stakeholders.
What You Will Need: Minimum of 10 years of internal audit roles in accounting firms, financial services, fintech, or banks.
Strong knowledge and practical, hands-on experience delivering Bank Indonesia (BI)-related audits and filings.
Strong understanding of payment systems, processes, and technology stacks.
Must hold a CISA (Certified Information Systems Auditor) certification as a mandatory minimum requirement; additional designations such as CISSP or CISM are highly preferred.
Strong familiarity with testing automated application controls, data reconciliation tools, and data privacy frameworks within high-transaction environments.
Demonstrated experience coaching and developing junior auditors, combined with the confidence, gravitas, and maturity required to interact with, challenge, and influence executive stakeholders and regulatory partners.
Full professional fluency in English (written and verbal) for board-level reporting, proficiency in Google Workspace, and exceptional project management skills to deliver multi-threaded audit initiatives within tight deadlines.