职位总体目的(主要职责)

Lead technology-driven audits to assess and enhance IT governance, cybersecurity controls, and regulatory compliance. Provide assurance and consulting services for company’s technology operating activities; Alert potential risks including providing insights on emerging technology risks during the company’s planning and strategizing process.


岗位职责:


1.Conduct company-wide risk assessment and draft the annual IT audit plan on a risk-oriented base.

2.Lead IT audit projects to independently manage end-to-end audit cycles, and assist the team leader of the general audit projects to conduct the audit in the assigned areas, including:

1) Conduct internal audit according to audit objectives.

2) Evaluate and improve the adequacy and effectiveness of the organization’s governance, control and risk management process by systematic and disciplined approaches.

3) Complete work paper, effectively communicate audit findings with relevant auditees, propose reasonable and applicable improvement suggestions, and report to the director.

4) Draft audit report and implement follow-ups.

3.Conduct J-SOX assessment.

4.Work with the team to develop smarter ways to analyze audit data. Create easy-to-use measurement digital tools and step-by-step guidelines to make the whole process run smoothly.

5.Assist the director in communication, coordination and follow-up with the global and local parties.

6.Monitor and assess effectiveness of internal control system on an ongoing basis and optimise business activities, internal control and risk management to improve governance, add value and achieve targets.

7.Work with the director to formulate and implement the mentorship plan and coach the mentee, share professional knowledge and experience, give guidance of company culture and value.

8.Ad hoc tasks assigned by the director.


资历要求:


1.Bachelor’s degree or above. Major in IT, Auditing, or other related fields.

2. CISA/CIA certifications required, CISSP plus.

3. More than 5 years of ITGC/AC, security audit experience in multinational enterprise, at least 2 years as the leader in IT audit project. Experience in cybersecurity audit would be a plus.

4. Fluent in English, both speaking and writing.

5. Familiar with internal control principles and audit procedures.

6. Good at execution, communication, coordination and logical reasoning.

7. Good professional ethics: integrity, accountability, objectivity and confidentiality.

8.Proficient in using data analysis tools such as ACL, Power BI, SQL, etc.