Audit Manager (IT & Retail)

This is a rare opportunity for a highly motivated, energetic and smart IT Audit Manager / Audit Manager to join the Mox audit team and support audits in the areas of Technology & ICS as well as other audit work.

Key focus of the role is on cyber security in cloud environment and business process auditing in line with regulatory requirements and expectations on a digital retail bank in Hong Kong. The role provides opportunity to participate in a large scale of audit work and further learn about retail cloud-native banking environment.

The successful candidate will assist the Head of Audit Mox and the Mox Audit team in the development and execution of the Audit plan in accordance with the Group’s Audit Charter and provide assurance that key risks (including emerging risks) pertaining to the audit universe are being appropriately managed. The role provides for broad exposure across the retail banking portfolio with key focus on auditing cybersecurity in cloud environment and business processes. It involves undertaking risk assessments, lead and perform internal audit engagements of diverse business units or functions to deliver the audit plan established as well as ad-hoc short assignments. In addition, the role involves providing guidance to audit team members and contributing to the overall Group Internal Audit (GIA) audit coverage and priorities by providing product domain knowledge and expertise.

  • Establish and develop effective working relationships with squads and colleagues across first and second line.

  • Act as liaison with assigned heads to ensure full understanding of business strategy, plans, products, performance and risk-related issues at business unit level and communicating these to the relevant Audit Team members via bottom-up continuing risk assessments and dialogue.

  • Perform, support or lead where directed, the planning, fieldwork, and reporting of internal audit engagements to deliver agreed assurance objectives to established standards and timelines.

  • Actively track and escalate, where appropriate, significant issues and audit findings that remain unresolved.

  • To help develop and maintain a robust risk assessment process for documenting and communicating the results of assessment, the consolidated audit plan and strategy for the assigned portfolios and / or business functions.

  • Maintain effective relationships with internal GIA stakeholders to provide input / assistance on developing their audit approach as required.

  • Provide non-assurance services to business units where required, through participation on advisory engagements / special projects within the Group.

  • Where undertaking the role of Team Manager, provide performance feedback to team leaders and team members.

  • Share knowledge, skills and experience with team leaders and team members to guide and assist in their development.

  • To identify, clearly document and escalate significant issues.

  • The individual will be a core regulatory audit specialist and also be expected to participate in other cross functional/country audits.

  • To assist the Head of Audit to ensure accurate and timely management reporting is provided to the GIA Management Team.

  • Solid work experience as professional auditors or business practitioners with core audit / business skills, particularly in the area of auditing cybersecurity in cloud environment.

  • Knowledge of key Hong Kong regulatory requirements and international standards and their impact on the bank and financing business.

  • Effective collaborative skills that contribute to positive working relationships with counterparts in Group Internal Audit and the business.

  • Demonstrates ability to work independently and seek guidance when needed.

  • Demonstrates ability to multi-task without loss of quality.

  • Flexibility to work across different functions and situations, and change priorities at short notice. Ability to work in agile delivery environment.

  • Demonstrates ability to think critically, objectively and “think outside the box” when analyzing issues and recommending / developing solutions.

  • Effective verbal communication skills; written communication skills of a high standard.

  • Demonstrates understanding of and commitment to the Group’s core values.

  • Engagement in professional certification activities, including completion of mandatory Bank-sponsored industry certification where appropriate.

  • Professional audit certification (CPA or CIA equivalent), CISA or other ISACA / Cloud Security qualification required.

  • Team player, cooperative and able to work well with diverse teams and willing to continuously develop.

  • Fluent spoken and written English a must.