IT Auditor, Manager

工作内容

*This role is located in Bade, Taoyuan. We offer free shuttle from Taipei to Bade daily.

Summary:

The IT Auditor, Manager leads the day-to-day tactical execution of audit, advisory projects and SOX General IT Control testing:

o Applies industry-based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2 (SSAE18), PCI DSS, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.

o Assists with the implementation and adjustment of project plans to ensure delivery in accordance with established project budgets and timelines.

o Participates in department-wide process improvement initiatives and special projects

o Provides first level review of work paper documentation to ensure the retained documentation supports the audit work performed

o Prepares or assists the project manager in preparing formal audit recommendations and reports

o Partners with the IT audit management to assess the adequacy of the corrective action(s) taken by management, stakeholders, or process owners to improve governance, risk management, and control issues

Essential Duties and Responsibilities:

This position requires hands-on experience in evaluating SAP access controls and configurable application controls:

o Plan and perform reviews of IT general and application controls. This includes supporting integrated audits and system implementation reviews

o Leads the planning, scheduling, and execution of assigned IT audit projects. Ensures projects are moving forward by working effectively with management

o Identifies, suggests, and helps implement new/improved audit approaches, tools, and techniques.

o Work closely with Business/IT to map and coordinate IT activities with business scope

o Provide best SAP practice for controls implementation

o Ensures that all work papers prepared as part of the audit engagement include sufficient evidence to support audit conclusions, and meet Audit Standards and internal policies

o Professionally communicates scope, purpose, and conclusions both verbally and in writing

o Support development of the assigned practice area by actively contributing perspective to the team’s priorities and risk assessments, identifying areas where further research and development would be value-added, creating audit tools, establishing client relationships, and identifying and sharing relevant information

Qualifications:

First-level university degree (finance, accounting, business).

MBA or equivalent advanced degree a plus.

CRISC, CISSP, CISM, CISA, or CIA or equivalent audit certification highly desirable.

Typically 8+ years of related experience IT, Information Security, or audit.

Knowledge and Skills:

o Systematic understanding of internal audit policies and operating principles.

o Intermediate understanding of IT Security, Change Managment and IT Operations processes.

o IT risk assessment and scoping skills.

o Aligns IT controls to business processes and control objectives

o Experienced in data science and continuous assurance

o Collaborates with second line of defense

o Solid financial and business acumen.

o Working knowledge of accounting principles.

o Demonstrated project management skills such as planning, execution, and implementation.

o Advanced knowledge of Microsoft tools.

o Excellent English verbal and written communication skills