Information System Auditor
- Hong Kong
- Permanent, Full time
- SOCIETE GENERALE HK
- 18 Feb 19
Information System Auditor
The Inspection General and Internal Audit Division (IGAD) is Societe Generale Group 3rd line of Defense under the authority of the Head of Inspection and Audit, who reports directly to the Group's Chief Executive Officer. Audit is organized in geographical and functional zones, while General Inspection on top of audit work covers more particularly major risks for the Group, transversal topics and strategic issues.
The main role of IGAD is to review operational entities in an objective, thorough and risk-based manner to assess the compliance of the Group's operations, the level of risk actually incurred, the enforcement of procedures and the effectiveness and relevance of the corresponding permanent control set up. IGAD issues recommendations in order to better manage risks and to increase the efficiency of the Group's activity.
Within IGAD, the Information System Audit department is a global and transversal organization that plays a key role in reinforcing Societe Generale's third line of defense against Information System risks.
The auditor will have a regional coverage and will contribute to audit assignments on SG Group entities in Asia Pacific.
The auditor will be responsible for the execution of audit assignments and controls with a strong focus on Information Systems (IS) and in particular on fields like Information System Security, Project Management, Software Development Life Cycle, Change and Release Management and Production Support.
Key activities in audit assignment are to:
- Execute all audit assignments in accordance with professional standards,
- Prepare audit work programs in good understanding of the specific risks to be evaluated,
- Perform audit controls within the committed budget and deadline,
- Maintain clear work papers and audit trail of the work done,
- Make relevant recommendations to improve SG processes and reduce risks,
- Write formal & clear reports to communicate audit results to the management.
The auditor will also contribute to the Risk Assessment and Continuous Monitoring processes to elaborate the annual audit plan and regularly adjust it if significant risks arise.
In addition, the auditor will handle the follow-up of audit recommendations in a timely manner, and escalate to audit supervisors and management when needed.
Finally, the auditor will contribute his/her expertise to the global Information System Audit community and advice general auditors on Information Systems risks.
SG Business Lines and Group Functions in Asia Pacific cover various aspects of Banking Services with a core business activity focusing on Corporate and Investment Banking.
The main focus of the role will be SG Information System's business applications, IT infrastructure (network, servers and database) and IT services.
Required experience and knowledge:
- Bachelor degree or above in Information Systems or Computer Science
- Strong knowledge in Information System Security is required
- Minimum 5-7 years of total experience with operational experience in Information System such as
- Information System Security
- Production support or IT infrastructure support
- Change and release management and testing,
- Software development (C++, Java, C#), preferably under agile
- Experience in Investment Banking or in another banking activity is preferred
- Internal Audit background is a plus:
- knowledge of COBIT or another IT risk framework
- CISA or another IT audit certification
- Can demonstrate a great level of integrity
- Robust analytical skills to relate IT risks with potential business exposure
- Adapt quickly to new environment and is curious to learn and develop new skills/knowledge
- Organized and autonomous with the ability to deliver quality work within committed deadlines
- Good communication skills and ability to interact with management as well as operational staff
- Fluent command of English, with good report writing and presentation skills
- Team player