Internal Control Manager / Supervisor (IT Direction)

Apply for this position


  • Identify, evaluate and document business risks, IT General Controls (ITGC) and Application Controls (ITAC) in the risk control matrix;
  • Perform IT internal control (SOX) review, walkthrough and conduct testing according to SOX and Group’s audit requirement to make sure the testing deliverables up to quality standard, report identified issue or area for development to management, conduct remediation testing and provide testing status to Senior Manager on time;
  • Develop, perform, and document testing and walkthroughs of  ERP system processes and controls to assess design and operating effectiveness;
  • Develop, maintain SOD matrix, check SOD conflicts and support SOD remediation;
  • Act as coordinator between internal/external IT auditors and IT control owners and analyses audit findings with appropriate recommendations;
  • Make IT leading practice recommendations to address improvement opportunities and performs follow-up;
  • Support in any ad hoc task pertaining to internal control or process management.


  • 3+ years’ experience in IT audit with auditing/consulting firm/internal audit department;
  • IT audit experience in listed companies/pharmaceutical and health care industry is plus;
  • In-depth knowledge of information system audit methodology and principles including a good understanding of risks and controls;
  • Demonstrated knowledge of ITGC and ERP systems;
  • Strong interpersonal and communication skills;
  • Proficiency in both English and Chinese;
  • Travel around PRC is required;
  • Demonstrated analytical and computer skills (Excel and Word required; PowerPoint, Visio, Access, and ACL helpful);
  • Knowledge of common audit frameworks (e.g., COSO Integrated Framework, ITIL and COBIT internal control framework and hands-on Sarbanes Oxley experience);
  • Participation in professional audit organizations (IIA or ISACA) helpful;
  • CISA, CRISC, CISSP or relevant certification desired;
  • Bachelor’s degree or above is required in Computer Science, Information Systems, or equivalent or other relevant subject.