Technology Auditor, Manager (Hong Kong)
Morgan Stanley is a leading global financial services company providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Internal Audit is responsible for validating whether the Firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the Firm's internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the Firm's compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry. The team reports directly to the Board Audit Committee and helps verify whether the Firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate-governance standards and legal and regulatory requirements. Internal Audit comprises Business, Risk and Technology auditors. Business and Risk auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the IT controls supporting business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analysing and testing the controls to protect the franchise.
The Asia Internal Audit Department is responsible for audits across all Morgan Stanley businesses in the region. The audits are designed to assess the adequacy of the control environment and to provide the Board Audit Committee and relevant regional committees with an independent assessment of risk across the Firm.
The candidate will be part of the Asia Technology Audit team based in Hong Kong, reporting to the Asia Head of Technology Audit in Hong Kong and providing support in managing and executing regional and global technology audits, as well as performing Continuous Monitoring activities. Responsibilities include the following:
• Plan, execute and manage regional and global audits across different business areas (including Institutional Securities Group e.g. Equities, Fixed Income, Investment Banking and Global Capital Markets, Wealth Management, etc.) and Enterprise Infrastructure in accordance with established standards, taking a hands-on approach while also able to see audits through from start to completion.
• Work effectively with staff and auditees across different time-zones and regions, and also demonstrate effective multitasking capability on concurrent assignments.
• Demonstrate strong report writing skills and effective communication with all levels of management. Be able to write and present audit findings and reports to the intended audience.
• Work independently and with minimal supervision, while also demonstrating capability both to lead and execute audit assignments as required.
• Have strong experience and appreciation of business-related technology controls gained from sales & trading organizations. Be able to communicate effectively with business audit colleagues as well as Business Unit management on technology risks and implications to business stakeholders.
• Develop and maintain relationships with key auditees for effective continuous monitoring of technology risks. Provide relevant statements / conclusions based on data points gained from the meetings for inclusion in global and regional continuous monitoring packs.
• Represent Internal Audit for technology coverage at meetings with senior internal and technology or business stakeholders.
• 6-10 years relevant Technology audit work experience, with knowledge of investment banking products (e.g. fixed income, cash equities and derivatives), systems and processes. Strong knowledge of risk-based audit techniques and principles. Ideal candidates would have Internal Audit experience within a global Investment Bank.
• Degree educated or equivalent (preferably a technical/IT related degree).
• Ideal candidate would have professional IT audit / security qualifications, (CISA, CISM, CISSP, etc.), as well as accounting or professional audit qualifications (e.g. CA/ACA, ACCA, CIMA, CIA).
• Understanding of control frameworks, e.g. COBIT, ITIL, ISO17799, COSO, CMMI.
• Knowledge of application development methods, technology infrastructure, computer processing environment, and experience in using computer assisted auditing techniques / data analytics.
• Extensive experience in conducting IT application audits as well as technology infrastructure audits. This includes conducting effective risk-based planning, designing and executing effective audit testing, and drafting and presenting audit results.
• Understanding of technology-related regulatory requirements in one or more Asia jurisdictions.
• Strong analytical and decision-making skills. Demonstrate thought leadership and sound professional judgment.
• Strong inter-personal skills, verbal and written communications skills, and be capable of conveying a confident, professional, positive and realistic attitude.
• Ability to structure solutions to complex problems.
• Strong project management skills.
• Demonstrate self-discipline, maturity and effective time management.
• Self-starter and can work on multiple projects under pressure.
• Demonstrate creativity and intuitive thinking.
• Consistently complete work on time and within budget without compromising quality.
• Hold self and others accountable for demonstrating the highest ethical standards.
• Maintain a habit of continuous learning and take responsibility for the development of one's own skills, including technical, business, interpersonal, written and informal verbal communication.
• Set annual personal and professional goals and measure performance against them.
• Willing to travel and work flexibly as needed.
• Strong Cantonese and/or Mandarin language skills considered an advantage.