Description

Role Overview: We are exclusively engaged by a leading multinational insurance group to find a skilled IT Audit Manager. Embedded within the regional Internal Audit function, this role is pivotal in assessing technology risks, safeguarding data integrity, and evaluating the effectiveness of IT controls across the firm's expanding digital and cloud landscape. This is a fantastic opportunity for a tech-risk professional to make a tangible impact in a dynamic, heavily regulated sector.

Key Responsibilities:

1. Audit Execution: Lead and execute comprehensive IT audits across infrastructure, applications, cybersecurity, and cloud environments within the APAC region.
2. Risk Assessment & Planning: Partner with the Head of Audit to develop risk-based annual IT audit plans, aligning with business strategies and emerging technological threats.
3. Control Evaluation: Assess the design and operating effectiveness of IT General Controls (ITGC) and automated application controls.
4. Regulatory Compliance: Ensure IT practices comply with group policies and local regulatory requirements, including the Hong Kong Insurance Authority (IA) guidelines (e.g., GL20 on Cybersecurity).
5. Advisory & Remediation: Provide actionable recommendations to IT and business stakeholders to mitigate identified risks. Track and validate the implementation of remediation plans.
6. Stakeholder Management: Build strong, collaborative relationships with the CIO, CISO, and other key technology leaders to promote a robust risk culture.

Key Requirements:

1. Education & Qualification: Degree in Computer Science, Information Systems, or a related technology field. Relevant professional certifications (CISA, CISM, CISSP, or CRISC) are strictly required.
2. Experience: 6 to 9 years of experience in IT Audit, Technology Risk, or Cybersecurity, preferably within the Insurance or broader Financial Services industry. Big 4 IT Advisory/Audit alumni are highly welcome.
3. Technical Knowledge: Strong understanding of cloud architecture (AWS/Azure), cybersecurity frameworks (NIST, ISO 27001), and data privacy regulations.
4. Skills: Excellent analytical skills with the ability to translate complex technical risks into clear business impacts for non-technical stakeholders.
5. Language: Excellent command of written and spoken English. Proficiency in Cantonese/Mandarin is a strong advantage.