banner background image

Internal Audit Division

Assistant Vice President, Internal Audit (Information Technology)


  • Assist IT Audit Team Head to establish and maintain Internal Audit policy and procedures related to IT audit which align with regulatory requirement and industry best practices to ascertain audits are effectively performed
  • Develop and implement an audit strategy plan which aligns with bank’ strategy to drive Audit excellence and development
  • Identify and recommend areas for improvements in internal control and operational efficiency
  • Ascertain management actions are timely, adequately and effectively completed by related IT units management and conduct continuous monitoring on IT areas to assess the associated risks
  • Manage audit relationship with internal and external stakeholders to keep abreast of changes in business and control mattes to Chief Audit and Senior Management
  • Perform investigation of IT related internal fraud and other cases
  • Provide consultancy advice to management on IT related internal control matters
  • Perform digitalization and Computer Assisted Audit Technique (CAATs) development in internal audit
  • Perform ad hoc duties as assigned


  • Degree holder in Information Systems, Computer Science or related disciplines
  • Minimum 5 years’ experience in IT internal/external audit or IT risk management, candidate with less experience will also be considered
  • Candidate with substantial system development or IT operations experience is preferred
  • Experience in banking regulatory requirement, for example, Independent Compliance Assessment (ICA) on Technology Risk Management (TRM), e-Banking and Business Continuity Planning (BCP) or the Cyber Resilience Assessment Framework
  • Sound understanding of IT application, infrastructure controls and regulatory requirements including TM-E-1, TM-G-1, SA-2, CDP and C-RAF
  • Good analytical, interpersonal and communication skills
  • Good report writing skills in Chinese and English
  • Professional qualifications such as CISA, CISM or CISSP would be an advantage