POSITION SUMMARY:

Performs advanced level professional internal auditing and internal control compliance work as a key component of the IT, information system and governance structure. Work involves directing a comprehensive audit program including performance, financial and compliance audit projects; providing consulting services to the organization’s management and staff; providing direction to development of the Annual Audit Plan; and providing ongoing training, coaching and supervision of staff. Maintains organizational and professional ethical standards. Works independently with extensive latitude for initiative and sound judgement.

PRIMARY RESPONSIBILITIES:

• Work with the Team in overall assessment of the adequacy and effectiveness of financial, operational and compliance controls of the Group's business and corporate operations, through the performance of risk-based audits and a well-coordinated integrated audit plan.
• Assist with the testing of IT General Controls and Application Controls to comply with SOX 404 requirements. Perform audit over IT application controls and infrastructure within key business processes, including logical access, physical access, system development and computer operations; as well as key reports and application controls across multiple different applications, operating systems, and databases. 
• Perform periodic monitoring of IT compliance, review test results and related remediation activities, and monitoring business activities, functions and practices to ensure compliance with local regulations and policies.
• Assist with planning and carrying out the audits of client technology platforms and evaluates IT internal controls and works collaboratively with management to identify actions needed.
• Assist with planning and carrying out the audit programs for the IT audit of Macau DICJ’s minimum internal control requirements (“MICR”).  
• Recommend improvements to strengthen the overall control environment, based on findings from audits and risk assessments including internal accounting controls designed to safeguard the Company’s assets and resources, and ensure compliance with the federal laws and regulations. Assisting in establishing and developing appropriate and effective internal compliance policies and procedures on any new regulatory requirements and business activities or products.
• Assumes supporting role for special IT audit projects and provides advisory and consulting services to management, particularly on cyber security, data analytics, data protection and digital compliance.  
• Supervise junior staff when acting as field in-charge on a job, including assigning and reviewing their work and providing mentoring and training as needed.
• Discuss and agree findings and recommended remedial actions with Auditee management. Proffer economical resolutions to issues identified. Identify any key compliance risks and weaknesses and recommend enhanced procedures to improve operational efficiency and control. Drafting reports and recommendations on areas reviewed.
• Coordinate controls assessment and SSAE reporting requirements as required.
• Coordinate the external audit review of ITGC and application controls (Hong Kong, Macau and Manila).
• Providing advice to members of management, officers and employees on IT and system control compliance issues through audit findings and issues discussion.
• Assists and implement appropriate training programmes in conjunction with the Training Manager, coaching, and guidance to internal audit and internal control compliance staff in conducting IT audits and other audit-related IT compliance issues; and to support risk base approach, dual purpose program, key controls and remediation efforts on an on-going basis.
• To maximize productivity and morale by setting goals, evaluation procedures, providing clear guidelines and by developing team spirit.

KEY PERFORMANCE INDICATORS:

• Complete assigned work to the required professional standard within the time allocated.
• Minimal staff turnover. Staff achieving accreditations
• Challenge your current understanding of business and information systems and your ability to learn new concepts quickly and provide value added recommendations

QUALIFICATIONS:

Experience

• Minimum of 3-5 years' internal or external audit experience with financial audits, IT auditing and risk management.
• Experience in gaming or hotels resort will be a distinct advantage
• Preferable to have adequate understanding of IT processes, systems and emerging technologies including general computer controls, ERP, Cybersecurity, cloud computing, privacy and mobile computing, COBIT, COSO framework and SOX regulations