POSITION SUMMARY:

Performs advanced level professional internal auditing and internal control compliance work as a key component of the IT, information system, cybersecurity and governance structure. Work involves directing a comprehensive audit program including performance, financial and compliance IT audit projects; providing consulting services to the organization’s management and staff without affecting independence; providing direction to development of the Annual Audit Plan; and providing ongoing training, coaching and supervision of staff. Maintains organizational and professional ethical standards. Works independently with extensive latitude for initiative and independent judgement.

PRIMARY RESPONSIBILITIES:

• Work with the Team in overall assessment of the adequacy and effectiveness of financial, operational and compliance controls of the Group's business and corporate operations, through the performance of risk-based audits and a well-coordinated integrated audit plan
• Lead testing of IT General Controls and Application Controls to comply with SOX 404 requirements. Perform audit over IT application controls and infrastructure within key business processes, including logical access, physical access, system development and computer operations; as well as key reports and application controls across multiple different applications, operating systems, and databases
• Perform periodic monitoring of IT compliance, review test results and related remediation activities, and monitoring business activities, functions and practices to ensure compliance with local regulations and policies
• Plans and executes audits of client/server technology platforms and evaluates IT internal controls and works collaboratively with management to identify actions needed.
• Plans and executes the audit programs for the IT audit of Macau DICJ’s minimum internal control requirements (“MICR”). To co-ordinate independent DICJ auditor, as may be required, to achieve the scope of the Internal Audit department under the DICJ’s MICR on IT compliance
• Recommend improvements to strengthen the overall control environment, based on findings from audits and risk assessments including internal accounting controls designed to safeguard the Casino’s assets and resources, and ensure compliance with the federal laws and regulations. Assisting in establishing and developing appropriate and effective internal compliance policies and procedures on any new regulatory requirements and business activities or products
• Assumes responsibility as project leader for special IT audit projects and provides assurance and advisory (as applicable) services particularly on Cyber security, system implementation, data security, cloud computing and digital project
• Supervise junior staff when acting as Lead auditor on a job, including assigning and reviewing their work and providing mentoring and training as needed
• Discuss and agree findings and recommended remedial actions with Auditee management. Proffer economical resolutions to issues identified. Identify any key compliance risks and weaknesses and recommend enhanced procedures to improve operational efficiency and control. Drafting reports and recommendations on areas reviewed
• Coordinate controls assessment and SSAE reporting requirements as required
• Coordinate the external audit review of ITGC and application controls (Hong Kong, Macau, Manila and Cyprus)
• Providing advice to members of management, officers and employees on IT and system control compliance issues
• Evaluate the controls and processes required to effectively conduct and manage the risk associated with the overall vendor management program within your organization
• Provides or assists and implement appropriate training programmes in conjunction with the Training Manager, coaching, and guidance to internal audit and internal control compliance staff in conducting IT audits and other audit-related IT compliance issues; and to support risk base approach, dual purpose program, key controls and remediation efforts on an on-going basis
• To maximize productivity and morale by setting goals, evaluation procedures, providing clear guidelines and by developing team spirit

KEY PERFORMANCE INDICATORS:

• Complete assigned work to the required professional standard within the time allocated
• Minimal staff turnover. Staff achieving accreditations
• Challenge your current understanding of business and information systems and your ability to learn new concepts quickly and provide value added recommendations

QUALIFICATIONS:

Experience

• Minimum of 10 years' internal or external audit experience with operational audits, IT auditing and risk management.
• Experience in gaming or hotels resort will be a distinct advantage
• Must have a broad understanding of IT processes, systems and emerging technologies including general computer controls, SAP / Oracle/AX, ERP, Cybersecurity, cloud computing, privacy and mobile computing, COBIT, 2019, NIST/CIS, COSO framework and SOX regulations

Education

• Degree holder in Computer Science, Information System or related disciplines
• CISA, CISSP, CISM or other key control certification required.

Skills / Competencies

• Knowledge of planning and performing duties on risk-assessed basis and good understanding of IT application and general controls is essential (e.g., Change Management, System Development Lifecycle, Information Security, IT Operations etc.)
• Functional/audit/consulting expertise with technical areas such as data analytics, cybersecurity, cloud computing, SAP/Oracle/AX, mobile technology, application infrastructure; with experience demonstrating increasing responsibility in subject area
• Perform data analysis through tools such as ACL, e.g. to do predictive analysis
• Excellent command of both written and spoken English and Chinese mandatory
• Result-oriented, self-motivated, detail-minded, able to work and manage projects independently and work as part of a team
• Flexibility to travel - as required (about 50%)
• Must be able to meet numerous statutory/reporting deadlines under tight time constraints
• Excellent communication skills, both written and verbal, including the ability to summarise information and technical issues in presentations or memos for senior management
• A creative, analytical and practical approach to resolving issues, and able to work under pressure and multi-task