- Fixed Income
- Internal Audit
- IT Audit
Technology Auditor (Institutional Securities Technology), Manager (Hong Kong)
Location: Non-Japan Asia-Hong Kong-Hong Kong-Hong Kong
Morgan Stanley is a leading global financial services company providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 747 offices in 42 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Internal Audit is responsible for validating whether the Firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the Firm’s internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the Firm’s compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry. The team reports directly to the Board Audit Committee and helps verify whether the Firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate-governance standards and legal and regulatory requirements. Internal Audit comprises Business, Risk and Technology auditors. Business and Risk auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the IT controls supporting business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analysing and testing the controls to protect the franchise.
The Asia Internal Audit Department is responsible for audits across all Morgan Stanley businesses in the region. The audits are designed to assess the adequacy of the control environment and to provide the Board Audit Committee and relevant regional committees with an independent assessment of risk across the Firm.
The candidate will be part of the Asia Technology Audit team based in Hong Kong, providing support in managing and executing regional and global technology audits, as well as performing Continuous Monitoring activities, with a focus on Morgan Stanley’s Institutional Securities businesses in the region. Responsibilities include the following:
• Perform regional and global audits across different business areas (including Institutional Securities Group e.g. Equities, Fixed Income, Investment Banking and Global Capital Markets, Wealth Management, etc.) in accordance with established standards, taking a hands-on approach while also able to see audits through from start to completion.
• Collaborate effectively with staff and auditees across different time-zones and regions.
• Effective communication with all levels of management. Be able to write and present audit findings and reports to the intended audience.
• Develop and maintain relationships with key auditees for effective continuous monitoring of technology risks. Provide relevant statements / conclusions based on data points gained from the meetings for inclusion in global and regional continuous monitoring packs.
• Be able to communicate effectively with business audit colleagues as well as Business Unit management on technology risks and implications to business stakeholders.
• 4-6 years relevant Technology audit work experience, with knowledge of investment banking products (e.g. fixed income, cash equities and derivatives), systems and processes. Strong knowledge of risk-based audit techniques and principles. Ideal candidates would have Internal Audit experience within a global Investment Bank, and understanding of securities markets and related regulatory requirements in one or more Asia jurisdictions.
• Degree educated or equivalent (preferably a technical/IT related degree).
• Ideal candidate would have professional IT audit / security qualifications, (CISA, CISM, CISSP, etc.), as well as accounting or professional audit qualifications (e.g. CA/ACA, ACCA, CIMA, CIA).
• Understanding of control frameworks, e.g. COBIT, ITIL, ISO17799, COSO, CMMI.
• Knowledge of application development methods, technology infrastructure, computer processing environment, and experience in using computer assisted auditing techniques / data analytics.
• Prior relevant experience in conducting IT application audits, technology infrastructure audits as well as business-related technology controls.
• Strong analytical skills.
• Excellent inter-personal, verbal and written communication skills.
• Dependable, who can work on multiple projects simultaneously, in accordance with workflow and timetable objectives.
• Professional attitude and demonstrate the highest ethical standards, sound professional judgment.
• Maintain a habit of continuous learning.
• Cantonese and/or Mandarin language skills considered an advantage.
|Career Level||Intermediate (3-6 years)|
|Qualification||Certified Information Security Manager (CISM), Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), Chartered Accountant Qualification (ACA), Chartered Certified Accountant (ACCA), Certified Internal Auditor, Chartered Global Management Accountant (CGMA/CIMA)|
|Language||English, Mandarin (Putonghua)|