Internal Audit - Technology Auditor, Manager (Hong Kong)

  • Competitive
  • Hong Kong Hong Kong Hong Kong HK
  • Permanent, Full time
  • Morgan Stanley
  • 17 Jul 18 2018-07-17

See job description for details

Company Profile

Morgan Stanley is a leading global financial services company providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 747 offices in 42 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Internal Audit Department

Internal Audit is responsible for validating whether the Firm operates in a controlled environment with appropriate risk management processes. Auditors evaluate the adequacy and effectiveness of the Firm’s internal controls using a risk-based methodology developed from professional auditing standards. Internal Audit assists in monitoring the Firm’s compliance with internal guidelines set for risk management and risk monitoring, as well as external rules and regulations governing the industry. The team reports directly to the Board Audit Committee and helps verify whether the Firm meets all of its fiduciary responsibilities to shareholders, while adhering to corporate-governance standards and legal and regulatory requirements. Internal Audit comprises Business, Risk and Technology auditors. Business and Risk auditors focus on understanding the risks that the businesses face and the controls to mitigate those risks. Technology auditors focus on the IT controls supporting business processes, including systems development, application security and entitlements, production management, and technology governance. Both groups are responsible for understanding, analysing and testing the controls to protect the franchise.

The Asia Internal Audit Department is responsible for audits across all Morgan Stanley businesses in the region. The audits are designed to assess the adequacy of the control environment and to provide the Board Audit Committee and relevant regional committees with an independent assessment of risk across the Firm.

Position Description

The candidate will be part of the Asia Technology Audit team based in Hong Kong, reporting to the Asia Head of Technology Audit in Hong Kong and providing support in managing and executing regional and global technology audits, as well as performing Continuous Monitoring activities. Responsibilities include the following:

• Plan, execute and manage regional and global audits with a particular focus on technology infrastructure and cyber security, with opportunities to support integrated audits across different business areas in the Asia region.

• Work effectively with staff and auditees across different time-zones and regions, and also demonstrate effective multitasking capability on concurrent assignments.

• Demonstrate strong report writing skills and effective communication with all levels of management. Be able to write and present audit findings and reports to the intended audience.

• Work independently and with minimal supervision, while also demonstrating capability both to lead and execute audit assignments as required.

• Develop and maintain relationships with key auditees for effective continuous monitoring of technology risks. Provide relevant statements / conclusions based on data points gained from the meetings for inclusion in global and regional continuous monitoring packs.

• Represent Internal Audit for technology coverage at meetings with senior internal and technology or business stakeholders.


• 6-10 years relevant technology audit work experience, with strong knowledge of technology infrastructure controls, information security and cyber security frameworks, and ideally with experience of investment banking products, systems and processes. Ideal candidates would have Internal Audit experience within a global Investment Bank.

• Degree educated or equivalent (preferably a technical/IT related degree).

• Ideal candidate would have professional IT audit or security qualifications, (e.g. CISA, CISM, CRISC, CISSP, CEH etc.), as well as accounting or professional audit qualifications (e.g. CA/ACA, ACCA, CIA).

• Strong knowledge of risk-based audit techniques and principles and understanding of control frameworks, e.g. COBIT, ITIL, ISO17799, COSO, CMMI.

• Knowledge of application development methods, technology infrastructure controls, computer processing environment, and experience in using data analytics techniques.

• Extensive experience in conducting technology infrastructure and IT application audits. This includes risk-based planning, designing and executing effective audit testing, and drafting and presenting audit results.

• Understanding of technology-related regulatory requirements in one or more Asia jurisdictions.

• Strong analytical and decision-making skills. Demonstrate thought leadership and sound professional judgment.

• Strong inter-personal skills, verbal and written communications skills, and be capable of conveying a confident, professional, positive and realistic attitude.

• Ability to structure solutions to complex problems.

• Strong project management skills.

• Demonstrate self-discipline, maturity and effective time management.

• Self-starter and can work on multiple projects under pressure.

• Demonstrate creativity and intuitive thinking.

• Consistently complete work on time and within budget without compromising quality.

• Hold self and others accountable for demonstrating the highest ethical standards.

• Maintain a habit of continuous learning and take responsibility for the development of one’s own skills, including technical, business, interpersonal, written and informal verbal communication.

• Set annual personal and professional goals and measure performance against them.

• Strong Cantonese and/or Mandarin language skills considered an advantage.