Information System Auditor
Hong Kong

Responsibilities :

The role covers SG Business Lines and Group Functions in Asia Pacific and encompass various aspects of Banking Services with a core business activity focusing on Corporate and Investment Banking.

The IS Auditor is responsible for the execution of audit assignments and controls with a strong focus on Information Systems (IS) and IT Infrastructures, in particular on fields like Information System Security, Project Management, Software Development Life Cycle, Change and Release Management and Production Support.

Key activities in audit assignment are to :

  • Execute all audit assignments in accordance with internal quality standards,
  • Prepare audit work programs in good understanding of the specific risks to be evaluated,
  • Assess the control environment of both 1st and 2nd Lines of Defense (LOD1 and LOD2)
  • Perform audit controls within the committed budget and deadline,
  • Maintain clear work papers and audit trail of the work done,
  • Debrief auditees based on factual and clear findings,
  • Propose relevant recommendations to improve SG processes and reduce risks,
  • When acting as the Head of Mission, the auditor is also responsible to :

  • Manage the relationship and communication with the main auditee(s)
  • Efficiently manages the resources assigned to the mission
  • Set objectives and assess the contribution of auditors assigned to the mission
  • Regularly report the progress of the mission to the supervisor
  • Write concise and clear reports to communicate audit results to the management
  • In addition, the auditor follows-up audit recommendations in a timely manner, assess whether the risks have been sufficiently mitigated to propose the closure of the recommendation, or to escalate to the audit supervisors and management when needed.

    The auditor also contributes to the annual Risk Assessment to elaborate the audit plan and takes part to the Continuous Audit Monitoring processes to adjust the audit plan if significant risks arise.

    The auditor contributes his / her expertise to the local and global Information System Audit community and provide advice to business auditors on Information Systems risks.

    The auditor is pro-active and show full accountability in the respect of conduct and behavior and demonstrate a positive culture of compliance, risk awareness and doing the right thing', towards internal stakeholders as well as clients and markets with which he / she is engaged.

    Qualifications :

    SG Business Lines and Group Functions in Asia Pacific cover various aspects of Banking Services with a core business activity focusing on Corporate and Investment Banking.

    The position is based in Hong Kong with several short-term travels of 2-3 weeks expected throughout the year in Asia Pacific, and eventually in Paris.

    The main focus of the role will be Cybersecurity, IT infrastructures (network, servers and database) and SG Information System’s business applications.

    Technical competencies and job skills required :

  • Bachelor degree or above in Information Systems or Computer Science
  • Minimum 5-10 years of total experience in Information System Audit and / or operational experience in Information Systems in areas such as :
  • o Information System Audit, Risk or Consulting

    o Cybersecurity

  • Experience in Investment Banking or in another banking activity is preferred
  • Data analytics skills and capacity to analyze audit trails using scripts or BI tools is preferred
  • Internal Audit or IT risks and control background is preferred such as :
  • o Knowledge of COBIT or another IT risk framework

    o CISA / CISSP / CEH / GPEN / CCSP or another IT audit and security certification

    Behavioral competencies and soft skills required :

  • Can demonstrate a great level of integrity
  • Adapt quickly to new environment and curious to learn and develop new skills / knowledge
  • Robust analytical skills to relate IT risks with potential business exposure
  • Organized and autonomous with the ability to deliver quality work within committed deadlines
  • Good communication skills and ability to interact with management as well as operational staff
  • Fluent command of English, with good report writing and presentation skills
  • Business Insight

    Societe Generale is one of the leading financial services groups in Europe. Based on a diversified and integrated banking model, the Group combines financial solidity and a strategy of sustainable growth.

    The Inspection General and Internal Audit Division (IGAD) is Societe Generale Group 3rd line of Defense under the authority of the Head of Inspection and Audit, who reports directly to the Group's Chief Executive Officer.

    Audit is organized in geographical and functional zones, while General Inspection on top of audit work covers more particularly major risks for the Group, transversal topics and strategic issues.

    The main role of IGAD is to review operational entities in an objective, thorough and risk-based manner to assess the compliance of the Group’s operations, the level of risk actually incurred, the enforcement of procedures and the effectiveness and relevance of the corresponding permanent control set up.

    IGAD issues recommendations in order to better manage risks and to increase the efficiency of the Group’s activity.

    Within IGAD, the Information System Audit department is a global and transversal organization that plays a key role in reinforcing Societe Generale’s third line of defense against Information System risks.

    The auditor will have a regional coverage and will contribute to audit assignments on SG Group entities in Asia Pacific.

    通過點擊“持續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。