Senior IT Audit Manager

​Job Purpose​
To conduct independent audits of IT systems, business processes, and operational activities, evaluating the effectiveness of internal controls, compliance, and risk management. Provide actionable recommendations to enhance operational efficiency, data security, and regulatory compliance.

​Key Responsibilities​
​IT Audit Focus​

Assess IT governance frameworks (e.g., COBIT, ITIL) and compliance of information systems with standards (e.g., ISO 27001, GDPR, SOX).
Audit IT infrastructure (networks, servers, databases), applications (ERP, CRM), and data security (access controls, encryption, backup/recovery).
Identify cybersecurity risks (e.g., vulnerability management, penetration testing results) and recommend mitigation measures.
Review IT project lifecycles (requirements, development, deployment) for compliance and risk management.
Track remediation of audit findings to ensure IT risk closure.

​Operational Audit Focus​

Evaluate internal controls across business functions (finance, procurement, supply chain, HR).
Analyze operational efficiency (e.g., process bottlenecks, cost optimization) and KPI performance.
Assess compliance with industry regulations (e.g., SOX, PCI-DSS) and company policies.
Conduct ad-hoc audits (e.g., vendor audits, branch inspections).

​General Duties​

Develop audit plans, workpapers, and reports with clear findings/recommendations.
Communicate audit results to stakeholders and drive corrective actions.
Monitor regulatory updates (e.g., NIS2, CCPA) and emerging audit methodologies.

​Qualifications​
​Education & Certifications​

Bachelor’s degree in Computer Science, Information Systems, Accounting, Finance, or related field.
Professional certifications (e.g., CISA, CIA, CISSP, CPA) preferred.

​Experience​

Bachelor’s degree holder (Finance and Accounting, IT or related discipline)
Professional qualification such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA), or Certified Internal Auditor (CIA)
Minimum 10 to 12 years of internal auditing or related experience at sizeable companies or audit firms, with excellent knowledge of information system as well as operational auditing and hands-on experience in leading and managing complex audits
Solid knowledge of the latest trends and technology, and best practices in IT audit
Excellent analytical, communication, and report writing skills
Strong business / commercial sense and ability to drive different collaborations across amongst stakeholders
Excellent command of spoken and written English and Chinese