The individual will provide management and the board with an objective, independent assessment of the internal control systems through the planning and execution of the audit assignments. The individual will also add value to management by providing appropriate business-oriented recommendations. He/she will assist the head of IT audit with delivery of the overall audit plan, reporting to committees and management, and supervising junior audit staff.
Roles and responsibilities:
- Help identify key risks at the local level for each entity considering the relevant strategies and business environment.
- Help develop the annual audit plan considering the key risks identified.
- Plan, lead and execute audits within China and evaluate the adequacy of information system related controls according to established schedule and quality requirements.
- Assist in the preparation of the annual audit plan and schedules and audit committee reports.
- Coordinate and co-operate with external auditors to leverage review work done so as to minimise interruption to business units. Partner with financial auditors to assess application IT controls related to key business processes.
- Review or prepare audit reports and lead discussion of issues and remedial action plans with the appropriate levels of management.
- Facilitate issuance of audit reports to management.
- Follow-up outstanding audit issues and monitor timely completion of agreed remedial actions by management.
- Proactively contribute to the development of the team through coaching, training and providing timely feedback to junior staff.
- Assist in evaluating whether the team has adequate human resources, technical expertise and proficiency to cover the annual audit plan.
- Review and co-ordinate the work of the team members and ensure that the working papers, draft audit reports and other deliverables meet internal standards and assignments are completed within budgeted time.
- Assist the head of IT audit in training, mentoring and evaluating staff, and taking corrective actions to address performance issues.
- Liaise with the control community and other members of the company to contribute to the implementation of an effective and efficient system of internal control.
- Develop rapport with business unit management through regular communication of changes in business operations, emerging risks and potential issues, etc.
- Provide professional advice and insights to management to enable informed management decisions.
- Take the initiative in improving self through classroom and on-the-job trainings.
- Perform other responsibilities and duties periodically assigned by the head of IT audit in order to meet operational and/or other requirements.
- University graduate in IT or Computer Science
- Minimum ten years of IT audit or solid technology risk management experience
- Certificate holder of Certified Information Systems Security Professional (CISSP)/ Certified Information Systems Auditor (CISA)/ Certified Information Security Manager (CISM)
- Proven experience in IT infrastructure, information security, application security controls, business continuity and/or project management
- Strong understanding on IT controls and risks
- Prior team management experience is preferred
- Good command of both oral and written English and Chinese
- Knowledge with audit tools and other software such as ACL (data analytic tools) and MS Office
- Good team player who is committed to achieve results
- Ability to work under pressure and meet milestones within time, cost and quality constraints
- Strong analytical, written/verbal communication, presentation, interpersonal, and relationship building skills
- Solid problem solving skills, ability to analyse complex data, identify core issues, investigate, evaluate and reach appropriate conclusions
- Ability to adapt to changes quickly and multi-task