-Job description
**Role purpose**
Evaluate risks related to the integrity, reliability and availability of information for the Institution are effectively managed by Management through the execution of tests to evaluate the effectiveness of the design and operation of the IT controls implemented, as well as evaluate the compliance of the IT requirements stated by the different local regulators.
**Main activities**
- In-depth experience in evaluating the information technology general controls; the IT security controls for networks, servers, IT connections, databases and operating systems; auditing the Cybersecurity processes and IT controls defined by third-parties.
- Participate in integrated audits evaluating Business Application Controls (BACs).
- Ensure that IT operations are in accordance with standards, FIM requirements, and regulatory standards and policies; and optimizing relations with regulators by addressing any issues.
- Develop a good understanding of the business, risks and controls, as well as the regulatory framework in which they operate within the financial services industry.
- Ensure information security controls are in accordance with Global standards and verified that service providers and vendors adhere to policies to protect the information that HSBC share with them.
- Understand the impact of audit findings, including recommendations to improve current and future IT processes and operating environment.
- Communicate persuasively with senior management the findings and risks associated, and identified the root cause of the issues.
- Ensuring value added audit work is completed in accordance with Group Audit Standards Manual.
- Assisting with the follow-up, tracking, and reporting of audit issues applicable within the audits as directed.
- Strong written and verbal articulation skills (English) and an ability to influence senior executive.
Requirements
- Bachelor of Science in Computer Science and Technology or equivalent.
- Proven IT audit, banking and/or consultancy with at least mínimal 5 years of experience.
- In-depth experience in evaluating the information technology general controls; the IT security controls for networks, servers, IT connections, databases and operating systems; auditing the Cybersecurity processes and IT controls defined by third-parties
- Good understanding of the local regulations, such as Banxico, CNBV and CNSF (Desirable).