Senior Analyst, IT Audit (based in HK) - REQ11403

 POSITION SUMMARY:

Performs advanced level professional internal auditing and internal control compliance work as a key component of the IT, information system and governance structure. Work involves directing a comprehensive audit program including performance, financial and compliance audit projects; providing consulting services to the organization’s management and staff; providing direction to development of the Annual Audit Plan; and providing ongoing training, coaching and supervision of staff. Maintains organizational and professional ethical standards. Works independently with extensive latitude for initiative and sound judgement.

PRIMARY RESPONSIBILITIES:

• Work with the Team in overall assessment of the adequacy and effectiveness of financial, operational and compliance controls of the Group's business and corporate operations, through the performance of risk-based audits and a well-coordinated integrated audit plan.
• Assist with the testing of IT General Controls and Application Controls to comply with SOX 404 and local regulatory requirements. Perform audit over IT application controls and infrastructure within key business processes, including logical access, physical access, system development and computer operations; as well as key reports and application controls across multiple different applications, operating systems, and databases.
• Perform periodic monitoring of IT compliance, review test results and related remediation activities, and monitoring business activities, functions and practices to ensure compliance with local regulations and policies.
• Assist with planning and carrying out the audits of client technology platforms and evaluates IT internal controls and works collaboratively with management to identify actions needed.
• Recommend improvements to strengthen the overall control environment, based on findings from audits and risk assessments including internal accounting controls designed to safeguard the Company’s assets and resources, and ensure compliance with the federal laws and regulations.  Assisting in establishing and developing appropriate and effective internal compliance policies and procedures on any new regulatory requirements and business activities or products.
• Assumes supporting role for special IT audit projects and provides advisory and consulting services to management, particularly on cyber security, data analytics, data protection and digital compliance.
• Supervise junior staff when acting as field in-charge on a job, including assigning and reviewing their work and providing mentoring and training as needed.
• Discuss and agree findings and recommended remedial actions with Auditee management. Proffer economical resolutions to issues identified.  Identify any key compliance risks and weaknesses and recommend enhanced procedures to improve operational efficiency and control. Drafting reports and recommendations on areas reviewed.
• Coordinate controls assessment and SSAE reporting requirements as required.
• Coordinate the external audit review of ITGC and application controls (Hong Kong, Macau and Manila).
• Providing advice to members of management, officers and employees on IT and system control compliance issues through audit findings and issues discussion.
• Assists and implement appropriate training programmes in conjunction with the Training Manager, coaching, and guidance to internal audit and internal control compliance staff in conducting IT audits and other audit-related IT compliance issues; and to support risk base approach, dual purpose program, key controls and remediation efforts on an on-going basis.
• To maximize productivity and morale by setting goals, evaluation procedures, providing clear guidelines and by developing team spirit..

KEY PERFORMANCE INDICATORS:

• Complete assigned work to the required professional standard within the time allocated.
• Challenge your current understanding of business and information systems and your ability to learn new concepts quickly and provide value added recommendations.

QUALIFICATIONS:

Experience 

• Minimum of 3 years' internal or external audit experience with financial audits, IT auditing and risk management.
• Experience in gaming or hotels resort will be a distinct advantage
• Preferable to have adequate understanding of IT processes, systems and emerging technologies including general computer controls, ERP, Cybersecurity, cloud computing, privacy and mobile computing, COBIT, COSO framework and SOX regulations

Education 

• Degree holder in Accounting, Information System or related disciplines
• CISA , CISSP, CISM or other key control certification required.

Skills / Competencies 

• Knowledge of planning and performing duties on risk-assessed basis and good understanding of IT application and general controls is essential (e.g., Change Management, System Development Lifecycle, Information Security, IT Operations etc.)
• Functional/audit/consulting expertise with technical areas such as data analytics, cybersecurity, cloud computing, Workday/Oracle/AX, mobile technology, application infrastructure; with experience demonstrating increasing responsibility in subject area
• Perform data analysis through tools such as ACL, e.g. to do predictive analysis.
• Excellent command of both written and spoken English is mandatory
• Result-oriented, self-motivated, detail-minded, able to work and manage projects independently and work as part of a team.
• Flexibility to travel - as required (about 30%).
• Must be able to meet numerous statutory/reporting deadlines under tight time constraints.
• Excellent communication skills, both written and verbal, including the ability to summarise information and technical issues in presentations or memos for senior management.
• A creative, analytical and practical approach to resolving issues, and able to work under pressure and multi-task.

To apply or for more information, please visit our website:
https://mycareer.melco-resorts.com/ [link removed]
Suitable candidates will be invited for an interview within 4 weeks of their application. All information collected will be used for recruitment purposes only.