This is an exciting opportunity to join the Technology Audit Team. Our Internal Audit Department is an independent function accountable to the Audit Committee of the Board of Directors, the Office of the Chairman, senior management, and our global and local regulators. Internal Audit is comprised of more than 1,000 auditors, located in key locations across the globe, and is responsible for assessing the adequacy of the control environments across the firm's lines of business

As a Technology Auditor, Vice President in the Asia Technology Audit Team, you are an experienced technology audit professional joining the Asia CIB Technology Audit Team covering Markets and Payments Technology. This position will be based in Hong Kong, reporting to the regional Commercial and Investment Bank Technology Audit (CIB) Lead. As a CIB Technology Audit Manager, you will be collaborating with cross-functional teams to lead and execute technology audits across the Asia locations and globally. You will also develop and maintain effective relationships with senior technology and internal stakeholders to stay up-to-date on headline programs as part of audit continuous monitoring. 

Job Responsibilities:

Work closely with business and technology auditors in business integrated audits to identify and assess key risks in the program of audit coverage. Lead, plan, execute and document audit reports, including risk assessments, audit planning, audit testing, control evaluation, report drafting and follow-up and verification of issue closure while ensuring audits are completed timely and within budget. Perform audit work in accordance with department and professional standards, and complete assignments in an efficient manner. Involve in audit risk assessment process to determine the frequency and coverage of audits to address both risk based and regulatory required audit needs. Ensure adequate and complete audit coverage for APAC through regional and global audit activities. Ensure good quality documentation for audit workpapers and audit reports with minimal review notes from the Auditor In-Charge and Audit Manager. Provide continuous monitoring coverage of key technology programs by developing and maintain strong stakeholder relationships with technology leaders and related technology control groups. Monitor key risk indicators, significant change activities and escalate any emerging issues to management attention. Stay up to date with evolving industry and regulatory changes impacting the markets and payments technology environment. Stay up to date with industry trends to identify opportunities for game changing innovations or strategic partnerships. Take ownership of self-development, including stretch assignments, to prepare for greater responsibilities and career growth, and take initiative to seek out opportunity for continued learning. Provide guidance and coaching for junior members of the team to improve audit quality and timeliness of deliverables. Take leadership to find ways to drive audit improvement areas such as efficiency through automation while embracing the innovative opportunities offered by new technologies.

Required Qualifications, Capabilities and Skills:

Bachelor’s degree in technology and minimum 8 years of relevant internal or external auditing experience. Certified Information Systems Auditor (CISA) and / or Certified Information Systems Security Professional (CISSP) designation is required.  Good understanding of CIB business products in markets and payments, and the associated technology risks and controls. Excellent verbal and written communication skills; Good interpersonal skills and ability to present complex and sensitive issues in simple and layman language to senior management, and influence change. Shortlisted candidates are expected to go through a scenario based written test. Familiarity with APAC regulations relating technology risk management (e.g., TRMs, securities trading rules, payments regulations etc.) Strong understanding of internal control concepts with the ability to evaluate and determine the adequacy of controls by considering business and technology risks in an integrated manner e.g., ITGC, technology controls relating to operating systems, database platforms, technology processes, and business applications Strong analytical skills and ability to apply Data Analytics skills and tools to improve audit testing efficiencies and coverage, and audit continuous monitoring. Knowledge of Alteryx, SQL, PowerBI, Python, Excel, or other common DA tools; Familiarity with new and emerging technology and control best practices such as Cloud, AI/ML, Blockchain etc. Team player who works well independently and in teams, shares information, and collaborates with colleagues in both audits and non-audit related working groups. Enthusiastic, self-motivated, strong interest in continuous learning / upgrading of skillset, effective under pressure and willing to take personal responsibility / accountability. Flexible to changing business priorities and ability to multitask in a constantly changing environment. Willing to travel as needed.

Preferred qualifications, capabilities, and skills:

Any public cloud related certification is an advantage.  Prior experience or the ability to apply risk management concept to evaluate risks and controls in business integrated audits will be an advantage.