This is an exciting opportunity to join the Technology Audit Team. Our Internal Audit Department is an independent function accountable to the Audit Committee, the Board of Directors, senior management, and our global and local regulators. Internal Audit is comprised of more than 1,000 auditors, located in key locations across the globe, and is responsible for assessing the adequacy of the control environments across the firm's lines of business. Using cutting-edge audit technology, data, methodology and sound judgement, we bring a systematic and disciplined approach to evaluating and improving the effectiveness of governance, risk management and controls.

As a Technology Auditor in Commercial & Investment Bank Technology Audit Team, you will be specifically focusing on markets technology. You will be based in Hong Kong, reporting to the regional Commercial & Investment Bank Technology Audit Lead. As a Commercial & Investment Bank Technology Auditor, you will be collaborating with cross-functional teams to plan and execute technology audits across the Asia locations and globally. You will also develop and maintain effective relationships with senior technology and internal stakeholders to stay up-to-date on headline programs as part of audit continuous monitoring.

Job responsibilities:

Work closely with business and technology auditors in business integrated audits to identify and assess key risks in the program of audit coverage. Plan, execute, and document audit reports, including risk assessments, audit planning, audit testing, control evaluation, report drafting, and follow-up and verification of issue closure while ensuring audits are completed timely and within budget. Perform audit work in accordance with department and professional standards, and complete assignments in an efficient manner. Involve in audit risk assessment process to determine the frequency and coverage of audits to address both risk-based and regulatory-required audit needs. Ensure adequate and complete audit coverage for APAC through regional and global audit activities. Ensure good quality documentation for audit workpapers and audit reports with minimal review notes from the Audit Manager. Provide continuous monitoring coverage of key technology programs by developing and maintaining strong stakeholder relationships with technology leaders and related technology control groups. Monitor key risk indicators, significant change activities, and escalate any emerging issues to management attention. Stay up to date with evolving industry and regulatory changes impacting the technology environment, and industry trends to identify opportunities for game-changing innovations or strategic partnerships. Take ownership of self-development, including stretch assignments, to prepare for greater responsibilities and career growth, and take initiative to seek out opportunities for continued learning. Take leadership to find ways to drive audit improvement areas such as efficiency through automation while embracing the innovative opportunities offered by new technologies.

Required qualifications, capabilities, and skills:

Bachelor’s degree in technology Minimum 6 years of relevant internal or external auditing experience. Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security Professional (CISSP) designation is required. Good understanding of Commercial & Investment Bank business products in markets, and the associated technology risks and controls Excellent verbal and written communication skills; Good interpersonal skills and ability to present complex and sensitive issues in simple and layman language to senior management, and influence change. Familiarity with APAC regulations relating to technology risk management (e.g., TRMs, securities trading rules, payments regulations, etc.) Strong understanding of internal control concepts with the ability to evaluate and determine the adequacy of controls by considering business and technology risks in an integrated manner (e.g., ITGC, technology controls relating to operating systems, database platforms, technology processes, and business applications). Strong analytical skills and ability to apply Data Analytics skills and tools to improve audit testing efficiencies and coverage, and audit continuous monitoring. Knowledge of Alteryx, SQL, PowerBI, Python, Excel, QlikView, Tableau or other common DA tools. Familiarity with new and emerging technology and control best practices such as Cloud, AI/ML, Blockchain, etc. Team player who works well independently and in teams, shares information, and collaborates with colleagues in both audits and non-audit related working groups. Enthusiastic, self-motivated, strong interest in continuous learning/upgrading of skillset, effective under pressure, and willing to take personal responsibility/accountability, flexible to changing business priorities and ability to multitask in a constantly changing environment.

Preferred qualifications, capabilities, and skills:

Any public cloud-related certification is an advantage. Prior experience or the ability to apply risk management concepts to evaluate risks and controls in business integrated audits will be an advantage. Willing to travel as needed.