Assistant Vice President, Information Technology Audit (Director- HQ)

Shangri-La Group

Shangri-La Group is a global leader in luxury hospitality with unique Asian heritage.

Headquartered in Hong Kong, we have over 100 hotels and resorts under four brands nested in key cities and beautiful beachfront locations globally. We are expanding rapidly with a strong development pipeline throughout Asia, the Middle East, Europe and Africa.

Regarded as one of the world’s finest hotel ownership and management companies, Shangri-La is dedicated to delight guests around the world with legendary service, finely tuned from over 45 years of hospitality from the heart. We have an affinity with Asian travelers and we offer them a gateway to the rest of the world, positioning us a leading brand in luxury hospitality.

As an enviable employer with industry leading levels of colleague engagement, our people are our priority. Our success is only made possible through the efforts and abilities of over 42,000 colleagues worldwide. In accordance with this belief, the focused investment we make in the learning and development of our colleagues is unparalleled in the global hospitality industry. From welcoming new colleagues, to best in class leadership development, you can be sure that potential is identified and nurtured throughout your career.

We are currently looking for an AssistantVice President, IT Audit (Director level at HQ) to drivetechnology audit coverage across various businesses within the Group through a combination of application and security reviews, technology infrastructure audits, operational process audits and integrated audits.

As an AssistantVice President, IT Audit, we will on rely you to:

• Develop a flexible IT audit plan using an appropriate risk-based methodology, including any risks, controls and concerns identified by management.
• Manage the preparation the initial audit report after completion of fieldwork and review the results and recommendations with management.
• Partner with IT management to monitor IT project status and determine where and when Internal Audit should be involved.
• Perform Information Technology and System audits, including audits of IT governance, systems under development, IT information security.
• Evaluate key IT policies and procedures, information systems maintenance and support and integrity of information assets.
• Assist in the recruiting and retaining of IT audit resources.
• Evaluate, implement and document risks and controls with respect to key business processes.
• Effectively perform analysis and testing of financial, operational and technology (both IT General and Application) controls in accordance with requirements.
• Review existing software at hotels and work towards creating offsite audit platform for audit teams.
• Identify control weaknesses and support IT management to develop action plans to remediate the deficiencies.
• Effectively communicate audit findings to stakeholders.
• Perform ‘Enterprise Risk Management’ audits which include reviews of the strategic risks facing the organization and the action plans to mitigate such risks.
• Evaluate the senior management response to these risks and summarized the findings for the Audit Committees.
• Keep abreast of best practice and external developments in IT internal audit and ensure this learning is shared with the Internal Audit team and the Audit Committee.

We are looking for someone who has:

• Recognized professional designation - CISA designation preferred and/or CIA, CMA, CGA, CPA, CA, CGAP, CFPI
• Undergraduate or Graduate degree in a relevant field (Information Systems, Accounting, Finance, Business, Economics, etc.);
• Minimum of 10 years’ experience in the audit of information technology and proven track record of strong performance in high-quality audit work.
• Significant understanding of Internal Audit and Risk Management best practice
• Experience of risk-based audit assessment within an internal control framework of a comparable size and complexity.
• Thorough knowledge of internal audit procedures, including risk driven audit planning techniques and methods used to examine, verify and analyze information systems to the requirements of the Standards for the Professional Practice of Internal Auditing.
• In-depth knowledge of IT and information security governance, network architecture and security, various types of infrastructure (e.g. servers, database environments, cloud technologies), system development methodologies, IT control frameworks, key platforms and third-party vendor management.
• Knowledge of forensics, fraud and other detection techniques and concepts.
• Ability to effectively interact with members of management in managing project relationships which evidence leadership and strong negotiation skills.
• Ability to work in a team and under pressure.
• Ability to work in a fast-paced, client-focused environment.