Job Responsibilities :
Plan and conduct comprehensive independent reviews based on defined methodology, IT standards and / or industry good practice.
Assess adequacy and effectiveness of ITD's internal controls, and properly document the assessment / review procedures performed.
Prepare review reports, articulate and present any issues, root causes and recommended actions to management
Design and implement continuous monitoring controls using automated or data analytics tools
Coordinate with other IT teams to address control weaknesses, including design and implement new controls to address known issues
Proactively track, follow-up and report implementation status of issue remediation and risk mitigation
Review and revise / update IT standards and procedures
Conduct training to improve awareness of control requirements stated in IT standards, and / or any industry good practices
Work closely with Risk, Compliance and Internal Audit for risk mitigation and control improvements
Job Requirements :
University graduate in information technology, information security or related disciplines
Minimum 8 years of relevant experience in technology risk, cybersecurity, technology audit and / or IT compliance gained from financial institutions
Holder of relevant professional certificates, such as, CISA, CISSP, CRISC, CGEIT is preferred
Good knowledge of NIST Cybersecurity Framework, ITIL,CMMI, ITSM, COBIT, PMBOK, SDLC, and key IT processes
Practical experience in IT control assessment / auditing, technology risk management, business & system processes review
Experience in designing and implementing new controls to mitigate identified risks
Working knowledge of controls verification using data analytics
Experience in reviewing and revising IT standards and procedures
Ability to manage multi-assignments in a dynamic working environment
Strong problem solving, analytical and presentation skills
Excellent communications skills and advanced reporting writing skill in English and Chinese
Work experience in Big 4 audit firm is an advantage
Applicants who do not hear from us within 6 weeks may consider their applications unsuccessful. Personal data provided will only be used for the purpose of employment application to HKEX.
