Responsibilities:
- Develop IT audit plans and the annual IT audit plan.
- Provide IT risk assessment.
- Be familiar with and coordinate with the Hong Kong Securities and Futures Commission (SFC) as well as third-party audits.
- Be familiar with the following IT audit-related content and implementation strategies.
Strategy & governance:
- IT governance;
- project management & SDLC reviews;
- IT strategy, policies and procedures;
- IT change management;
- IT risk assessment;
- vendor evaluation.
IT security:
- security reviews & control assessments;
- vulnerability & risk assessment;
- network & application security;
- compliance monitoring;
- infrastructure & information security;
- physical & environmental security;
- access control reviews;
- network security reviews;
- firewall and IDS controls.
Business continuity:
- disaster & recovery management;
- continuity & high availability solutions.
Risk management & compliance:
- third-party risk;
- technology risk.
Requirements:
- Bachelor's or Master's degree in an IT- or Accounting-related major;
- Relevant CISSP/CISA certification or qualifications;
- Minimum 3 years of work experience in the IT Audit field in an international audit firm;
- Fluent in Cantonese, English and Mandarin (speaking & writing in English).
Responsibilities:
- Establish IT audit plans and annual IT audit plans.
- Provide IT risk assessment.
- Be familiar with and coordinate with the Hong Kong Securities and Futures Commission (SFC) and third-party audits.
- Be familiar with the following IT audit-related content and implementation strategies.
IT strategy and governance:
- IT governance;
- Project management and SDLC review;
- IT strategy, policy and process;
- IT change management;
- IT risk assessment;
- Supplier evaluation.
IT security:
- Security review and control assessment;
- Vulnerability and risk assessment;
- Network and application security;
- Infrastructure and information security;
- Physical and environmental security;
- Access control review;
- Network security review;
- Firewall and intrusion detection system (IDS) control.
Business continuity:
- Disaster and recovery management;
- Continuity and high availability solutions.
Risk Management:
- Third-party risks;
- Technical risks.
Requirements:
- Bachelor's or master's degree in an IT- or accounting-related major;
- Have relevant CISSP/CISA certificates or qualifications;
- At least 3 years of work experience in the IT audit field at an auditing company;
- Fluent in Cantonese, English, and Mandarin (spoken and written English).