IT审计经理ITAuditManager

Position:职位：Reporting to the Audit & Assurance BU向审计与鉴证业务部门报告Based in Shanghai, but able to deliver services all over China, with possible assignments on a regional level在上海办公，但同时能够为整个中国不同区域的项目提供服务Roles & Responsibilities岗位职责-Create, develop and lead an IT audit practice for mainland China创建、开发并领导中国大陆地区的IT审计业务-To serve both internal and external clients:为内外部客户提供服务：Internal clients:内部客户：oAssist audit teams in planning, performing and managing audit assignments by examining the IT General Controls related to the IT infrastructure and the IT Application Controls to assess the risks in information systems and corresponding implications for the audit; report findings and provide recommendations to improve effectiveness of the IT environment协助审计团队进行审计计划、执行和管理审计项目，检查IT基础设施相关的IT一般控制和IT应用控制，评估信息系统存在的风险及其对审计的影响，报告审计发现并为完善IT环境效力提供建议oAssist audit teams through the development and implementation of Computer Assisted Audit Techniques - data analysis tools (ACL, Scan D, Access, Excel, etc.)协助审计团队开发应用计算机辅助审计技术-数据分析工具（ACL，Scan D, Access, Excel 等）External clients: develop, market, sell and deliver additional service offers to existing Mazars clients, as well as to "greenfield" clients in the following areas:外部客户：开发市场，向玛泽现有客户以及如下领域的"待开发"客户销售并提供额外的服务IT AdvisoryIT咨询Strategy & governance:战略与治理：-IT governance;IT治理-project management & SDLC reviews;项目管理与SDLC审查-IT strategy, policies and procedures;IT战略、政策与程序-IT change management;IT变更管理-IT risk assessment;-IT风险评估-vendor evaluation;-供应商评估-compliance monitoring.-合规性监督IT security:IT安全：-security reviews & control assessments;安全审查与控制评估-vulnerability & risk assessment;缺陷与风险评估-network & application security;互联网与应用安全-compliance monitoring;合规性监督-infrastructure & information security;基础设施与信息安全-physical & environmental security;物理与环境安全-access control reviews;接入控制审查-network security reviews ;互联网安全审查-firewall and IDS controls.防火墙与IDS控制Asset management:资产管理：-asset management solutions;资产管理解决方案-operations & performance evaluation;运营与绩效评估-cost optimization plans.成本优化规划Business continuity:永续经营：-disaster & recovery management;灾难与复原管理-continuity & high availability solutions.持续性与高实用性解决方案Risk management & compliance:风险管理与合规：-third party compliance ‐ SAS 70;第三方合规-SAS70-SOX Reviews.萨班斯法案审查ERP & IT application services:ERP与IT应用服务：-ERP & implementation partner selection;ERP及实施合作伙伴选择-application control effectiveness;应用控制有效性-pre‐go live reviews;上线前审查-post implementation reviews;实施后审查-ERP effectiveness reviews.ERP有效性审查Assistance to other business units协助其它业务部门-Forensic法鉴-Governance, Risk and Internal Controls治理、风险和内控-Transaction Services / Due diligence交易服务/尽职调查-Corporate Finance / IPO企业金融/首次公开发行Requirements:要求：?Bachelor or Master degree with an IT or Accounting related major;IT或审计相关专业学士或硕士学位?Minimum 5 years of work experience in the IT Audit field in an international audit firm;国际会计师事务所IT审计领域至少5年的工作经验?Experienced in ERP-systems (SAP, Oracle, etc.);具有ERP系统（SAP, Oracle 等）经验?Familiar with IT Audit standards and frameworks (ISA, COBIT, COSO etc.);熟悉IT审计准则及框架（ISA, COBIT, COSO等）?Fluent in Mandarin and English (speaking & writing);中英文（口语及书面）流利?CISA (Certified Information Systems Auditor) certified;注册信息系统审计师资格?Interest and strong understanding of business processes / accounting;充分理解并对业务流程/会计感兴趣?Willing to travel;愿意出差?Client-facing skills面向客户的技能?Experienced in Microsoft office (Word, Excel, Power Point).熟练微软办公软件（Word, Excel, Power Point）