Responsibilites:

• Identify key technology and data risks at the group-wide and local level for each entity, considering the relevant strategies and business environment.
• Support the development of the annual audit plan considering the key risks identified.
• Preparation of the annual audit plan and schedules for Central and Regional units.
• Plan, lead and execute audits and evaluate the adequacy of risk management and control for technology and cyber related risks according to established schedule and quality requirements. 
• Partner closely with domestic auditors and the CISO to assess and maintain the IT audit universe and provide training, tools and support to non-SME's.
• Provide SME support to the broader team on technology and cyber risks. 
• Keep up-to date with emerging risks and risk best practices.
• Continuously mature CIA’s capabilities and provide insights to key stakeholders.
• Advocate technology advisory services to other BUs to improve the relevancy of the Internal Audit. 
• Plan and allocate resources to effectively accomplish the work to meet productivity and quality goals as well as adjust the IT audit plans based on the changing IT controls, risk posture, and/or business priority. 
• Build strong audit relationship with key IT Management of the Central office and BUs via regular interaction, informing them of emerging risk issues and other key change controls related to key business processes.
• Draft audit reports and lead discussion of issues and remedial action plans with the appropriate levels of management. 
• Facilitate issuance of audit reports to management. 
• Lead the team to follow-up outstanding audit issues and monitor timely completion of agreed remedial actions by management.

Requirements:

• Minimum 8 years of experience in technology audit.
• Bilingual English/Mandarin is required to be able to coordinate with overseas partners and stakeholders.
• Proven experience auditing IT aspects, including governance, risk management, system and cybersecurity, preferably gained within financial services, payment institutions or from regulators.
• Experience in digital forensics or investigation is highly preferable.
• Experience auditing or working in the First or Second Line of Defense IT, information security and operational risk functions, or experience with payments and international transactions would be advantageous.
• Sound understanding of software development, system architecture, information and cyber security and cloud computing.
• Knowledge of risk based auditing and risk management frameworks (e.g. ISO27001, NIST, COBIT, COSO, SOC2, PCI-DSS).
• Ability to apply analytics, process automation and develop a data-driven internal audit approach.
• Ability to review code (Python, Java, SQL etc.) and develop data analytics solutions is highly desirable but not essential.
• Confident in dealing with senior stakeholders such as Principal engineers, Head of Departments, CISO and CTO.
• Able to work effectively in a fast-changing business environment and manage shifts in priorities.
• Relevant professional certifications or industry accreditations (CISSP, CISM, CISA, CIA, AWS or GCP certifications etc.) would be a plus.
• Degree qualified in computer science, information security, engineering or of a quantitative discipline would be a plus.