Internal Audit Department - IT Audit AVP

Introduction

Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

Overview

The incumbent will be responsible for assisting the Team Lead with oversight, design and execution of the Bank’s IT audit program including audits of IT systems, applications and operations and the attendant risk undertaken in the line of business and control functions. S/he will contribute to audit risk assessment and perform detailed testing, evaluate management action plans, follow up on control issues, and update audit program, risk assessment and audit plans timely.

Responsibilities

Include but are not limited to:

Audit Program Enhancement

• Plan, design, and execute the audit coverage strategy of the IT and data quality and management programs, contribute to the US-wide audit risk assessments, and perform assigned audits by executing approved audit programs and questionnaires
• Review auditor work papers covering planning and fieldwork for sufficiency
• Influence the execution of other audits (business, control functions) with related risks
• Ensure the delivery of audit reports and Internal Audit feedback that is complete, insightful, timely, error free and concise
• Timely update audit programs, risk assessment and audit plans
• Recommend improvements in streamlining audit methodology and optimize the use of the audit workflow tool when available
• Establish and maintain relationships with senior internal stakeholders for the IT and data management and quality programs
• Coordinate with the Data Analysis Team in the design and implementation of continuous monitoring of the IT and data controls during integrated audits

Prompt, Oversee and Report on Corrective Action

• Evaluate management action plans to ensure the audit issue raised are adequately addressed
• Coordinate with key stakeholders to identify emerging and/or control issues affecting operation
• Perform issue tracking and risk-based validation of issues specific to IT program
• Follow up with counterparts to ensure control issues are resolved effectively

Build Expert Knowledge

• Design the auditor professional development plan specific to related skills
• Provide coaching and on-the-job training to audit staff
• Serve as the department subject matter expert on IT risks and audit procedures to test these risks

Qualifications

• A bachelor’s degree is required, and an advanced degree is preferred
• Minimum 5 years of experience in IT risk/audit on IT infrastructure, application and system implementation is required for the AVP level
• Experience as a bank examiner, auditor, consultant or compliance professional with a strong understanding of IT risks, familiar with core banking systems, transactional platforms, workflow tools use for retail and commercial banking is required
• Experience in using computer assisted auditing tools to evaluate assertions is required
• Deep IT lifecycle expertise in order to perform pre-implementation reviews and to evaluate sufficiency of IT beyond operating effectiveness is required
• Familiarity with FFIEC regulatory standards, COSO, COBIT, ISO among others, for IT controls is required
• Capability and willingness to develop staff on technical and soft skills is required
• CPA, CIA, CISA, CRISC, CGEIT, CISSP, CISM and/or equivalent certifications are preferred but not required
• Bilingual capability in Mandarin is preferred but not required"

Pay Range

Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.