Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.

This position is responsible for providing leadership to IT audit for through oversight, design and execution of audits for the Bank of China’s US IT audit program. The coverage responsibilities pertain to:

• Assessing data and technology risks undertaken in the lines of business and control functions;
• Planning audits of IT applications and infrastructure;
• BOC Stakeholder relationship management
• Regulatory IT relationship management and communications
• Presenting to senior management committees and regulators
• IT Audit Team oversight, development and guidance
• Hiring strategy and recruitment
• Timely and effective delivery of IT audit plan

Include but not limited to:

Drive the audit program enhancements to achieve a “Strong” internal audit function and to meet the internal audit industry standards  

• Plan, design, execute, and supervise the audit coverage strategy of the IT and data quality and management programs
• Drive US-wide IT audit risk assessments
• Oversee audits by helping AICs execute approved audit programs and questionnaires
• Review auditor work papers covering planning and fieldwork for sufficiency - Influence the execution of other audits (business, control functions) with related risks
• Ensure the delivery of audit reports and Internal Audit feedback that is complete, insightful, timely, error free and concise

Prompt, oversight and report on corrective action 

• Evaluate management action plans to ensure that they adequately address the audit issues raised
• Direct and/or oversee issue tracking and risk-based validation of issues specific to the IT environment
• Follow-up with accountable business and control leaders to ensure control gaps are effectively and completely resolved
• Coordinate with the key stakeholders to identify emerging issues and thematic control gaps affecting the US operations

Update the audit strategy and program 

• Update the audit programs, risk assessment and audit plans based on internal and external inputs.
• Establish and maintain relationships with senior internal stakeholders for the IT and data management and quality programs.
• When necessary, coordinate with the Data Analysis group in the design and implementation of continuous monitoring of the IT and data controls during integrated audits.

Improve audit toolset 

• Recommend improvements in streamlining audit methodology.
• Optimize the use of the audit workflow tool, when necessary, during integrated audits.

Build expert knowledge 

• Design the auditor professional development plan specific to related skills.
• Provide coaching and on-the-job training to audit staff.
• Serve as the department subject matter expert on IT risks and audit procedures to test these risks.

Other Duties 

• Assist the Department Head on regulatory management and external auditor requirements
• Support other departmental initiatives

• Bachelor’s degree in computer science, business, data analytics/science, statistics, or another relevant topic is required master’s degree is a plus but not required
• 20+ years of work experience in a business or control role managing IT audit function at a medium to large banking organization.is required
• Experience as an IT audit leader and manager; familiar with core banking systems, transactional platforms, workflow tools use for retail and commercial banking is required
• Deep IT lifecycle expertise in order to perform pre-implementation reviews and to evaluate sufficiency of IT beyond operating effectiveness is required
• Strong understanding of FFIEC regulatory standards, NIST frameworks, COSO, COBIT, ISO among others, for IT controls is required
• Capability and willingness to supervise and develop staff on technical and soft skills is required
• Experience in using computer assisted auditing tools to evaluate assertions is required
• Excellent communication and interpersonal skills required with ability to present complex and sensitive issues to senior management
• Ability to build rapport with internal stakeholders and examiners
• Experience in ensuring documentary sufficiency of analytical procedures to support audit standards and bank regulatory expectations
• Proven capability in overseeing and executing multiple deliverables preferably within a highly matrixed structure where planning, management and strong interpersonal skills were critical to success
• Proven manager with an established track record of overseeing and executing multiple deliverables