IT Audit and Compliance Manager
Job Description
Work location: Taipo (onsite free parking)
Roles & Responsibilities
● Oversee the ISMS program & risk management process for IT
● Conduct and drive regular risk assessments as per compliance requirements
● In charge of the adoption of the TISAX program for the whole JE organization and overseeing the entire program
● Participate in internal and external audits with external auditors and customers
● Communicate security policies, standards, controls and posture to customers and stakeholders
● Participates in disaster recovery and business continuity planning (BCP) activities yearly with appropriate stakeholders
● Prepares reports, business cases, and presentations on security risk, controls, the status of compliance efforts, etc.
● Acts as liaison between IT and other functions (e.g., legal) regarding information security events or incidents
● Evaluate new or updated industry regulations to ensure continued compliance
Requirements
● A bachelor’s degree in information security, computer science, or related field
● 5+ years of compliance management experience
● Certifications: ISO27001 auditor and CISA
● Well-versed in industry regulations and can translate complex security concepts into layman’s terms
● Must be able to effectively communicate with all levels of management
● Strong interpersonal skills and ability to influence others
● Thorough knowledge of information security and compliance concepts
● Working knowledge of industry-leading information security tools and technologies
● Possess strong analytical and problem-solving skills
● Well-versed in security controls, with an understanding of the underlying technical concepts
● Ability to work independently and manage multiple priorities simultaneously
● Ability to make problem-solving decisions under pressure
● Positive attitude and strong commitment to the delivery of quality work
● Good command of written and spoken English, Putonghua and Cantonese
● Possess strong experience in cloud auditing methods and techniques
● Able to work with overseas colleagues and drive results
● Ability to work outside of normal office hours in a multi-regional environment (e.g., Americas/Europe/Canada) regularly
Preferred qualifications
● In-depth knowledge of at least two major regulatory frameworks (e.g., TISAX VDA ISA 5/6 & ISO 27001:2022)
● Certifications in information security or compliance (ISO 27001 lead auditor, CISSP, CISM, CRISC, CISA etc.)
The information provided will be treated in strict confidence and be used only for consideration of your application for relevant / similar posts within the Group / Company.
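Job category | |
Work location | Tai Po |
Education | Bachelor's degree |
Skills | Interpersonal skills |
Spoken languages | Good Cantonese / Good English / Good Putonghua |
Written languages | Good Chinese / Good English |
Employment type | Full-time |
Industry | Manufacturing |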
The Johnson Electric Group is a global leader in electric motors, actuators, motion subsystems and related electro-mechanical components. It serves a broad range of industries, including Automotive, Smart Metering, Medical Devices, Business Equipment, Home Automation, Ventilation, White Goods, Power Tools, and Lawn & Garden Equipment. The Group is headquartered in Hong Kong and employs over 35,000 individuals in 22 countries worldwide. Johnson Electric Holdings Limited is listed on The Stock Exchange of Hong Kong Limited (Stock Code: 179).