VP Internal Audit

Group Internal Audit - Group Internal Audit provides independent assurance to management and the Risk and Audit Committees that HSBC’s risk management, governance and internal control processes are designed appropriately and are operating effectively.

· People responsibility: N
· Report to: SVP Internal Audit & Head Of Technology Audit MSS And Enterprise Technology 

<Role Purpose>

Principal accountabilities: The role holder will support the Head of Audit, Corporate and Institutional Banking (CIB) Technology with the undertaking and delivery of audits, some major and/or highly complex, based on the critical assessment of the IT environment, and of the governance, risk and internal control frameworks that support this.

Undertake general audit activities, as part of a team providing independent, objective assurance over the Group’s internal control framework as well as local regulations and assist business line management by bringing a systematic, disciplined approach to the evaluation and improvement of the effectiveness of risk management, control and governance processes.

<Job Content> 

1. Responsible for providing independent evaluations of internal controls for all IT infrastructure, operations, applications, and projects.
2. Undertake risk assessment, control design and operating effectiveness review of business applications, software development and technical infrastructure as part of various global, regional and local IT audits
3. Provide consultancy services to IT and business management and other Internal Audit teams, covering IT strategy, architecture, security, risks and controls.
4. Based on audit work, draft value-adding audit findings articulating key issues, risks, root causes and action plans.
5. Help producing high quality audit reports for review by senior audit management.
6. Compliance with Global audit standards while undertaking the audit activities.
7. Develop/maintain audit packages for new technology, applications and regulatory requirements.
8. Manage the interface between stakeholders to ensure a common approach to and understanding of key deliverables.
9. Play an integral role in delivering the audit plan.
10. Maintain leading edge knowledge of best practice within audit, financial services and in the risk environment.

<Skills Requirements> 

• A University degree or equivalent qualification.
• A strong experience in IT auditing, IT security or internal control/operational risk with a minimum 5 years' experience, in at least one of these areas.
• An in-depth understanding of the application systems architecture and strategic risks.
• A broad understanding of the financial services industry and associated regulatory environment.
  Strong technical aptitude, excellent control concept and ability to assess risks.
• Good written and verbal communication skills, analytical, problem-solving and interpersonal skills.
• Able to travel for business.
• Good command of English and Chinese, including strong English and Chinese writing skill.
• GPAD covered.

<License/Qualification Requirement> 

1. Role relevant qualifications, e.g. Certified Information Systems Auditor (CISA). Assistance would be given to obtaining the qualification.
2. The job holder is required to obtain the local regulator certified Internal Audit and Internal Control License per the local regulation.