Reports to: Head of IT Internal Audit
- Take charge in carrying out risk-based IT related assurance and consulting services as instructed by the Head of IT Internal Audit covering IT Risk Governance and Compliance across the Group, its subsidiaries and HKE (the “CX Group”).
- Assist the Head of IT Internal Audit in delivering value-adding and practical “can-do” advice over digital and technology that addresses key management concerns and mitigate risks effectively.
- Promote the vision of Group Internal Audit through close business partnerships with various stakeholders of the CX Group. Assist in preparing audit committee materials.
- Understand the CX Group’s business and risks, stay abreast with industry trends and regulations and suggest any required changes to the GIA team as necessary. Maintain up-to-date knowledge about the CX Group standards, policies and procedures and deliver quality assurance services. Assist the Head of IT Internal Audit in sharing common issues/fraud/errors with respective stakeholders to promote good Governance, Risk and Compliance culture.
- Deliver independent and objective IT related assurance services across the CX Group - covering all aspects of IT including IT Governance, Risk and Compliance, cyber and data security as well as any emerging technologies; support the finance & operation audit team as a subject matter expert covering IT related matters over integrated audits.
- Prepare all audit related supporting document including time sheet, planning memo, work paper, implementation status updates and audit reports timely, address management concerns through clear communications and agreement with the senior management and respective stakeholders, provide customer-centric, digital-enabled and sustainability-conscious audit recommendations.
- Comply with Audit Manual to ensure that established standards and practices are followed through internal audit activities, including the Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (“IIA”).
- Maintain proficiency and competency of auditing skills by attending adequate trainings; suggest essential and value-added trainings to the GIA leaders as appropriate to support the growth and the overall success of the team.
- Acting as the backup key support during the absence of Head of IT Internal Audit.
- Degree from reputable institution and professional IT auditing qualification such as CISA or equivalent designation. CISM, CISSP, CPA, CA, CFE and/or CIA is a definite asset.
- Minimum 7 years and preferably 2+ years in team leading capacity, and with broad IT Audit experience in Big 4 accounting firms or in-house roles.
- Good knowledge of airline operations, emerging technologies and IT related regulatory requirement.
- Strong technical knowledge of risk and control in various IT domains such as IT infrastructure, Agile software development, as well as other key areas including Digital transformation, Project management, Information security and Data management.
- Hands on experience in any of data analytics and business intelligence tools is a definite asset.
- Strong analytical skills and ability to work independently and in a matrix and remote environment.
- Possess high emerge level and strong work ethic with a commitment to continuous improvement in a dynamic and changing environment that strive to exceed expectations.
- Strong interpersonal, communication and presentation skills, including managerial courage, dealing with ambiguity.
- A team player who is self-initiated, independent and able to meet tight schedules.
- Ability to create and maintain good working relationships with teammates and all levels of staff members from various business units.
- Fluent in writing and speaking in English is a must and in Chinese as a bonus.
- Appx. 20% travel requirement.
Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.