about the company.
Our client is a highly prominent, globally recognised healthcare and insurance group with a deeply established market presence in Hong Kong. Known for their customer-centric digital innovations and large-scale healthcare service networks, they combine an extensive international corporate heritage with a stable, professional, and forward-thinking working environment. They offer an exceptional capital-backed platform that champions technology transformation, data privacy, and structured executive career progression.
about the team.
The IT Audit department is a highly specialized, independent control function that reports directly to the Audit Committee and regional tech leadership. You will lead an experienced, high-performing team of technology risk, data analytics, and cybersecurity audit specialists who thrive in a collaborative, agile, and intellectually stimulating environment. The team culture highly values technical innovation, proactive risk advisory, and continuous professional development, offering a healthy work-life balance and strong regional visibility.
about the job.
Formulate, manage, and execute the annual risk-based IT audit plan covering application systems, cloud infrastructure, cybersecurity frameworks, and digital health platforms.
Lead end-to-end technology audit engagements, assessing the adequacy and effectiveness of IT general controls (ITGC), data privacy protocols, and business continuity plans.
Ensure all information technology and security frameworks strictly align with Insurance Authority (IA) guidelines, HKMA supervisory manuals (where applicable), and global statutory standards.
Deliver high-quality, concise, and impactful IT audit reports to executive management, clearly outlining technology risk exposures and actionable remediation plans.
Partner with the Chief Information Officer (CIO), CISO, and business heads to provide strategic pre-implementation reviews for major system rollouts and technology upgrade programmes.
Manage, mentor, and upskill a dedicated team of IT auditors, fostering a culture of continuous learning and data-driven auditing techniques.
skills & experience required.
Bachelor’s degree in Computer Science, Information Technology, Accounting Information Systems, or a related discipline.
CISA, CISM, CISSP, or equivalent professional information security/auditing certification is strictly mandatory.
Minimum 8 years of robust experience in IT audit, technology risk management, or cybersecurity assurance within the insurance, banking, or Big 4 consulting sectors.
Deep technical knowledge of cloud computing security (AWS/Azure), data governance, DevOps pipelines, and modern cybersecurity frameworks.
Exceptional communication and stakeholder management skills, with a proven track record of facilitating complex technical risk discussions with senior executives.
Fluency in English and Cantonese is mandatory to effectively manage local stakeholder engagements and author high-quality audit reports; proficiency in Mandarin is highly advantageous.
If you are interested in this role, please click 'Apply Now' or send your CV directly to Marco.li@randstad.com.hk.
...