Internal Audit - Asia Technology Audit, Executive Director (Hong Kong)

Morgan Stanley
Hong Kong
Competitive salary
财务主管, 内审, 审计
Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 747 offices in 42 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

Internal Audit is responsible for validating whether the Firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the Firm’s internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the Firm’s compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry. The team reports directly to the Board Audit Committee and helps verify whether the Firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate-governance standards and legal and regulatory requirements. Internal Audit comprises Business, Risk and Technology auditors. Business and Risk auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the application controls supporting business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analysing and testing the controls to protect the franchise.

The Asia Internal Audit Department, as the 3rd Line of Defence (LOD), is responsible for audits across all Morgan Stanley businesses, support and control functions, including the 1st and 2nd LOD, in the region. The audits are designed to assess the adequacy of the control environment and to provide the Board Audit Committee and relevant regional committees with an independent assessment of risk across the Firm.

Job Description

Morgan Stanley is seeking a strong Technology Audit candidate to lead a regional team covering the applications and system infrastructure supporting the Asia businesses. This role, based in Hong Kong, reports functionally to the International Head of Technology Audit and regionally to the Asia Co-Heads of Internal Audit.

Technology Auditors focus on the application and system infrastructure controls that manage business risks and are responsible for understanding, analyzing, and testing the technology controls, including those over data accuracy, completeness and processing, systems development, application security and entitlements, production management and technology governance.


Experience and Skills

· At least 12 years of IT Audit experience with a Financial Services, Brokerage Firm or a Public Accounting Firm with emphasis on the Financial Services Industry

· Must have a proven ability in communicating with senior Technology management

· Proven ability to manage a geographically spread audit team

· Proven ability to manage and supervise a portfolio of audit projects and assist in the scheduling and staffing of audit assignments

· Proven ability to partner with Technology and Financial Auditors and work within a team

· Strong knowledge of financial products to help plan audit engagements and assess risks

· Strong knowledge of audit procedures and ability to review and manage the quality of audit work

· Experience in auditing applications, interfaces, system infrastructure, data processing and computer general controls

· Experience in both distributed and mainframe environments

· Experience with Enterprise Infrastructure and Cybersecurity

· Experience with data Analytics and data mining tools

· Strong written and verbal communication skills, in particular related to audit practices, e.g. auditee interviewing, drafting of audit issues and presentation of audit results

· Proven ability to manage multiple projects, while meeting deadlines with minimal supervision

· Proven ability to build strong relationships with both the Business Unit and Technology senior managers

· Understanding of regulatory landscape in Asia (and preferably US and UK) and impact on technology and data

· Understanding of control frameworks, e.g. COBIT, ITIL, ISO17799, COSO, CMMI

Professional Qualifications

· Graduate or Bachelor’s Degree (Computer Science or IT related preferred)

· IT Audit/Security related professional certifications (CISA, CISSP certifications)

· Accounting skills/background and related professional certifications (ACA, ACCA, CPA, etc.) will be an advantage