Responsibilities:

• Lead and conduct risk-based operational audits on IT infrastructure, applications, cybersecurity, data governance and other business processes, ensuring completion within the established timeline.
• Identify technology-related risks and assess the effectiveness of IT controls.
• Evaluate system configurations, access controls, change management, and disaster recovery procedures.
• Work closely with IT, cybersecurity, compliance, and business units to understand systems and risks
• Prepare clear, concise audit reports with actionable recommendations
• Enhance audit documentation and leverage data analytics in audit projects.
• Promote continuous improvement and professional development within the audit team.

Requirements:

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.
• Professional certification (e.g., CISA, CISM, CISSP, CPA, CIA) is strongly preferred.
• Minimum 6–8 years of IT audit or technology risk experience with listed companies, multinational corporations, or professional services firms (preferably Big Four).
• Strong understanding of IT frameworks (e.g., COBIT, NIST, ISO 27001), cybersecurity principles, and regulatory compliance (e.g., SOX, GDPR).
• Excellent analytical, communication, and project management skills.
• Self-motivated, able to work independently and lead audit engagements from start to finish.
• Good communication and interpersonal skills, with the ability to interact with various levels of management
• Experience with data analytics and ERP systems is a plus.
• Fluency in English, Cantonese, and Mandarin, with strong professional writing skills in English.
• Frequent travel to PRC factories and occasional travel to overseas offices in Europe and North America are required.