Senior Manager (IT Audit)
Established in the 1970s, Sino Group, is a leading property developer in Hong Kong with more than 250 buildings with a total area over 80,000,000 sq. ft. in our investment and development portfolio to date. Our core business encompasses the development of residential properties, offices, industrial and retail properties for sale and investment in China (Hong Kong and Mainland), Singapore and Australia. Widely diversified, the Group comprises private companies owned by the Ng Family as well as three listed companies.
Our core business is complemented by property services ranging from management to security and environmental services. We are also a major player in hotel and club management as well as car park operations. With a team of over 10,000 dedicated professionals, we are committed to creating better lifescapes.
Far East Organization, Sino Group’s sister company, is the largest private property developer in Singapore. Since its establishment in 1960, Far East Organization has provided the island nation with more than 780 properties, including 58,000 private homes, or 1 in 6 private homes in Singapore.
Yeo Hiap Seng, another affiliate company, specialises in the food and beverage business in Asia Pacific with over 200 brands. Yeo Hiap Seng has also ventured into real estate development in Singapore and other markets.
WHAT WE VALUE
Our core business is complemented by property services ranging from management to security and environmental services. We are also a major player in hotel and club management as well as car park operations. With a team of over 10,000 dedicated professionals, we are committed to creating better lifescapes.
Far East Organization, Sino Group’s sister company, is the largest private property developer in Singapore. Since its establishment in 1960, Far East Organization has provided the island nation with more than 780 properties, including 58,000 private homes, or 1 in 6 private homes in Singapore.
Yeo Hiap Seng, another affiliate company, specialises in the food and beverage business in Asia Pacific with over 200 brands. Yeo Hiap Seng has also ventured into real estate development in Singapore and other markets.
WHAT WE VALUE
- Understand the needs of individuals and communities, we put our customer first.
- Thinking ahead and being proactive ensures our preparedness.
- Together with our sense of urgency and quest for continuous improvement, we constantly look for ways to surpass the expectations of our stakeholders.
- We maintain integrity in everything we do.
- Through humility, we appreciate and respect one another.
- With strong teamwork, we strive for quality excellence in building our business and our communities.
Highlight
Post date: 6 April 2023
Ref: SM-ITA
Department: Internal Audit
Location: Tsim Sha Tsui
Ref: SM-ITA
Department: Internal Audit
Location: Tsim Sha Tsui
Responsibilities
The successful candidate will report to the Head of Internal Audit Department and have the following responsibilities:
- Identify, analyze, and evaluate IT risks covering IT governance, operational and security risks in the Group
- Review and assess the effectiveness, adequacy, and efficiency of controls related to IT security, operations, and cybersecurity risks
- Formulate an audit strategy, develop annual audit plans and determine the audit methodology
- Lead, plan, and execute in-depth audit reviews, consultative reviews, and other ad-hoc projects
- Identify root causes to the issues and make practical recommendations to senior management on how to address the issues identified
- Prepare and present audit reports to senior management
- Monitor and validate the implementation status of audit recommendations through regular reviews and proactive interaction with management
- Provide additional support and consultation services
- Continuously review key IT-enabled business initiatives and projects
- Identify, analyze, and evaluate IT risks covering IT governance, operational and security risks in the Group
- Review and assess the effectiveness, adequacy, and efficiency of controls related to IT security, operations, and cybersecurity risks
- Formulate an audit strategy, develop annual audit plans and determine the audit methodology
- Lead, plan, and execute in-depth audit reviews, consultative reviews, and other ad-hoc projects
- Identify root causes to the issues and make practical recommendations to senior management on how to address the issues identified
- Prepare and present audit reports to senior management
- Monitor and validate the implementation status of audit recommendations through regular reviews and proactive interaction with management
- Provide additional support and consultation services
- Continuously review key IT-enabled business initiatives and projects
Requirements
- Degree in IT, Computer Science, Accounting, or related disciplines
- At least 10 years’ experience in IT audit / cybersecurity audit gained in external / internal audit field
- Professional qualifications in information systems (e.g., CISA, CISSP, etc.)
- Sound knowledge of IT governance standard (e.g., COBIT 2019), IT security standard (e.g., ISO27001), cybersecurity standard (e.g., NIST Cybersecurity Framework), and software development framework (e.g., Scrum Master) would be an advantage
Sound knowledge of penetration test, vulnerability assessment (web application, mobile application and network and system infrastructure) with hands-on experience in ethical hacking tools (e.g., Kali, Metasploit, AppScan / OWASP Zap / Accunetix, Nessus etc.)
- Qualifications in penetration test (e.g., OSCP, OSWE, CREST (CCT Web App), CREST (CCT Infra), eCPPT, eWPT, CRTP, CRTE, or equivalent) would be an advantage
- Committed to continuous development of knowledge in regulatory requirements, relevant industry / professional standards, best practices, tools and techniques
- Good report writing skills in English and Chinese
- Candidate with less experience will also be considered as Manager (IT Audit)
- At least 10 years’ experience in IT audit / cybersecurity audit gained in external / internal audit field
- Professional qualifications in information systems (e.g., CISA, CISSP, etc.)
- Sound knowledge of IT governance standard (e.g., COBIT 2019), IT security standard (e.g., ISO27001), cybersecurity standard (e.g., NIST Cybersecurity Framework), and software development framework (e.g., Scrum Master) would be an advantage
Sound knowledge of penetration test, vulnerability assessment (web application, mobile application and network and system infrastructure) with hands-on experience in ethical hacking tools (e.g., Kali, Metasploit, AppScan / OWASP Zap / Accunetix, Nessus etc.)
- Qualifications in penetration test (e.g., OSCP, OSWE, CREST (CCT Web App), CREST (CCT Infra), eCPPT, eWPT, CRTP, CRTE, or equivalent) would be an advantage
- Committed to continuous development of knowledge in regulatory requirements, relevant industry / professional standards, best practices, tools and techniques
- Good report writing skills in English and Chinese
- Candidate with less experience will also be considered as Manager (IT Audit)
Salary
Negotiable
Location
Validity
Expired