RESPONSIBILITIES
- Develop audit plans and programs for designated areas in IT Audit
- Conduct risk assessments, audit planning, audit testing and control evaluation in departmental BAU work; draft reports, follow up on and verify corresponding issues
- Monitor cybersecurity development initiatives and perform continuous risk assessments of coverage areas
- Develop Computer Assisted Audit Techniques (“CAAT”)
- Provide technical advice and support other general auditors in audits
- Manage audit work in accordance with department and professional standards, and complete assignments in an efficient and effective manner
- Enforce internal audit standards by promoting or documenting internal audit policies, procedures and manuals according to internal and external regulatory requirements
- Provide recommendations for changes when required
- Perform ad hoc projects and assignments as required, as directed by the Team Head, IT Audit or Chief Auditor
- Stay up to date with evolving industry and regulatory changes that impact the business and technology environment
- Escalate emerging issues to management in a timely manner
- Proactively communicate with the relevant business units to understand the latest risk exposure of the relevant business and operating environment when conducting risk assessments
- Update and maintain Audit system and provide advice to improve its efficiency and effectiveness
REQUIREMENTS
- Degree holder or equivalent in Accounting, Computer Science or related disciplines
- Minimum 4 years’ experience in IT audit, preferably in a sizable financial institution
- Holder of CSX-S, CSX-E, CISA, CISM, or CISSP is a must
- Obtain Professional level qualification under HKMA ECF on Cybersecurity
- Understanding of internal control concepts with ability to evaluate and determine the adequacy of controls by considering business and technology in an integrated manner
- Knowledge of information security and information technology governance and assessment in the banking industry
- Good knowledge of major banking processes, IT controls and cybersecurity-related regulatory requirements