IT Audit, Conglomerate (Multiple levels)

Responsibilities:

• Execute end-to-end IT audit engagements, from planning and risk assessment to reporting and follow-up.
• Conduct in-depth audits of critical business applications (e.g., ERP systems like SAP, Oracle, custom-built platforms).
• IT General Controls (ITGC): Evaluate controls over areas such as Access Security, Change Management, Computer Operations
• Perform IT risk assessments to identify key areas of risk and contribute to the annual audit plan.
• Assess the effectiveness of cybersecurity frameworks, network security, and data protection measures.
• Provide assurance over major IT projects, reviewing system development lifecycles (SDLC) and project governance.
• Draft clear, concise, and impactful audit reports for senior management, highlighting issues, risks, and practical recommendations.
• Track and validate management's remediation actions for audit findings.
• Provide consultative advice to IT and business management on control improvements.

Requirements:

• Bachelor's degree in Information Systems, Computer Science, Accounting, Finance, or a related field.
• No less then 5 years of proven experience in IT auditing, IT risk assessment, or IT security.
• Hold a relevant professional certification (e.g., CISA, CISSP).
• Strong understanding of IT governance frameworks (e.g., COBIT, NIST, ISO 27001) and audit methodologies.
• Experience auditing application controls and IT general controls (ITGC).
• Excellent analytical, problem-solving, and communication skills (written and verbal).
• High level of professionalism and integrity.
• Proven experience managing an audit team and multiple complex projects is a plus.
• Previous experience auditing or working in a China-based environment is a strong advantage.
• Ability to speak and write in English and Mandarin Chinese is highly desirable.