You may also like
Senior Internal Auditor - IT Audit (up to $65k)
Advisory - Risk - Internal Audit - Manager / Senior Associate (with IT Audit Experience)
Ernst & Young (EY)
Audit Manager (IT Audit)
Bank of China
- Information Security
- Internal Control
- IT Audit
- IT Security
- Life Insurance
- Team Management
Associate Director, IT Audit
Location: Hong Kong, HK
The individual will provide management and the Board with an objective, independent assessment of the internal control systems through the planning and execution of audit assignments. The individual will also add value to management by providing appropriate business-oriented recommendations. He/she will assist Head of IT Audit to deliver the overall audit plan, supervise and develop the team.
- Work closely with GIA managers and CTOs to maintain the IT audit universe, develop and deliver the IT audit plan for the assigned locations
- Support Director of IT Audit to (1) plan and allocate resources to effectively accomplish the work to meet productivity and quality goals, (2) adjust the IT audit plans based on the changing IT controls, risk posture, and/or business priority and (3) build relevant skill sets and business knowledge.
- Supervise and coach a team of IT auditors to manage, execute and complete the Group's IT audit plans in accordance with the GIA Standards
- Partner with business auditors to assess application IT controls related to key business processes
- Build audit relationship with key IT Management of Group Office and BUs via regular interaction so as to be informed of emerging risk issues and other key changes
- Manage audit and client expectations about deliverables, timing, and how the approach matches the needs. Ensure work products are focused, clear, accurate, and well presented.
- Review audit reports and lead discussion of issues and remedial action plans with the appropriate levels of management.
- Facilitate issuance of audit reports to management.
- Follow-up outstanding audit issues and monitor timely completion of agreed remedial actions by management.
- Provide recommendation and follow-up to ensure achievement of departmental goals.
- Provide professional advice and insights to management to enable informed management decisions.
- Provide support to BU in preparing IT audit related response to the regulator inquiries
- Involve in the implementation of new processes and systems of the company to provide an independent view to management of the quality and effectiveness of the projects.
- Perform other responsibilities and duties periodically assigned by the Head of Internal Audit in order to meet operational and/or other requirements.
- University graduate in IT or Computer Science or equivalent
- Minimum 15 years of IT audit, IT security or other relevant experience, preferably with regional exposure
- Certificate holder of Certified Information Systems Security Professional (CISSP)/ Certified Information Systems Auditor (CISA)/ Certified Information Security Manager (CISM) with strong understanding in IT controls and risks
- Excellent command of both oral and written English
- Proven experience in IT infrastructure, information security, application security controls, system development process and/or business continuity management
- Experience in insurance business or financial industry is a definite advantage
- Good people management experience
- Knowledge with audit tools and other software such as ACL (data analytic tools) and TeamMate is an advantage.
- Experience in life insurance business or financial services industry is a definite advantage
- Energetic, result-oriented, ability to work under pressure and self-motivated
- Good analytical, interpersonal and influencing skills
- Solid problem-solving skills, ability to analyse complex data, identify core issues, investigate, evaluate and reach appropriate conclusions
- Ability to direct and drive multiple engagements simultaneously
- Willing to travel for overseas assignments
|Career Level||Lead (more than 10 years)|
|Qualification||Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP)|