
Associate Director, Technology GRC

  • Location: Hong Kong

  • Contact: Preksha Tripathi

  • Published: about a month ago

Looking for a Technology GRC Associate Director candidate for my client.

Permanent role + attractive salary + big bonus + other benefits.


  • Design and execute the day-to-day activities of IT-related audits, compliance and risk assessments, with a focus on strategic, operational and regulatory/compliance related risks
  • Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements
  • Lead project team to review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and senior management of clients
  • Manage engagements, including scoping, financial management, delivery risk management and the review of deliverables
  • Develop proposals, including project scoping, financial management, delivery risk management and the review of deliverables
  • Contribute to knowledge base and internal practice development initiatives
  • Supervise and provide performance management for junior staff working on assigned engagements
  • Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects


  • Experience working within an internal audit, IT risk or IT compliance function as an internal employee or as part of a professional services firm, in the Financial Services Industry
  • Bachelor's/Master's degree in an appropriate field from an accredited college/university
  • Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, SOC2, ISO27001, and ITIL
  • Familiar with technology regulatory requirements by the HKMA, SFC, Insurance Authority or other regional regulators (e.g. C-RAF, TM-E-1, TM-G-1, TM-G-2, SA-2, GL20, etc.)
  • CISA, PMP, CISSP, CGEIT, CRISC or ISO27001 Lead Auditor certification is preferred
  • Experience with IT Risk Management and three lines of defense frameworks
  • Excellent reporting and presentation skills
  • Ability to deliver work within tight timelines, on budget and at a high level of quality
  • Strong teamwork ability and able to work independently
