About the Role
As an IT Internal Auditor, reporting to the Internal Audit function, you will play a critical role in evaluating the organization’s IT systems, controls, and processes to ensure integrity, confidentiality, and availability of data. Your work directly supports audit objectives by validating the effectiveness of security controls, ensuring regulatory compliance, and mitigating operational risks.
Key Responsibility
- Lead and execute end-to-end IT audit engagements across multiple domains including network infrastructure, cloud, data governance, cyber security, and application systems.
- Identify risks and provide recommendations to improve control environments.
- Perform data analytics to support audit objectives, interpreting the complex data structures and business processes.
- Independently perform audit assignments
- Collaborate with stakeholders to ensure effective communication of audit results.
Requirements
- Minimum 3-5 years of experience in IT audit, IT risk, or cyber security.
- Experience with IT general control (ITGC), IT application control (ITAC).
- Experience with IT standards, frameworks, and regulations (e.g., NIST, ISO 27001, Data Privacy, COBIT).
- Degree in computer science/computer engineering/information security or equivalent.
- Familiarity with systems and operational architecture of large internet companies or online business models.
- Good communication (spoken and written) skills, able to work independently and as a team.
- Experience in data analytics and usage of related technology tools.
- Certifications from either CISA, or CISSP required.
- Good to have: Basic Mandarin skills for simple verbal and written communication with Chinese partners.
IT 内部审计师
职位简介
作为一名向内部审计部门汇报的 IT 审计师,您将在评估组织的 IT 系统、控制措施和流程方面发挥关键作用,以确保数据的完整性、机密性和可用性。您的工作将通过验证安全控制措施的有效性、确保合规性以及降低运营风险来直接支持审计目标。
主要职责
- 领导并执行跨多个领域的端到端IT审计工作,包括网络基础设施、云计算、数据治理、网络安全和应用系统。
- 识别风险并提供改进控制环境的建议。
- 执行数据分析以支持审计目标,解读复杂的数据结构和业务流程。
- 独立执行审计任务。
- 与利益相关者合作,确保审计结果的有效沟通。
职位要求
- 至少3-5年IT审计、IT风险或网络安全经验。
- 具备IT总体控制(ITGC)和IT应用控制(ITAC)经验。
- 熟悉IT标准、框架和法规(例如NIST、ISO 27001、数据隐私、COBIT)。
- 计算机科学/计算机工程/信息安全或同等学历。
- 熟悉大型互联网公司或在线商业模式的系统和运营架构。
- 良好的沟通能力,能够独立工作和团队合作。
- 具备数据分析和相关技术工具使用经验。
- 需持有CISA或CISSP认证。
- 加分项:具备基础中文能力,能够与合作伙伴进行简单的口头和书面沟通。