IT Audit and Compliance Manager

Work location: Taipo (onsite free parking)

Roles & Responsibilities

• Oversee the ISMS program & risk management process for IT
• Conduct and drive regular risk assessment as per compliance requirement
• In charge of the adoption of TISAX program for the whole JE organization and overseeing the entire programs
• Participating in internal and external audits with external auditors and customers
• Communicate security policies, standards, controls and posture to customers and stakeholders
• Participates in disaster recovery and business continuity planning (BCP) activities yearly with appropriate stakeholders
• Prepares reports, business cases, and presentations on security risk, controls, the status of compliance efforts, etc.
• Acts as liaison between IT and other functions (e.g., legal) regarding information security events or incidents Evaluate new or updated industry regulations to ensure continued compliance

Requirements

• A bachelor’s degree in information security, computer science, or related field
• 5+ years of compliance management experience
• Certifications: ISO27001 auditor and CISA
• Well-versed in industry regulations and can translate complex security concepts into layman’s terms
• Must be able to effectively communicate with all levels of management
• Strong interpersonal skills and ability to influence others
• Thorough knowledge of information security and compliance concepts
• Working knowledge of industry-leading information security tools and technologies
• Possess strong analytical and problem-solving skills
• Well-versed with security controls and understanding the underlying technical concepts
• Ability to work independently and manage multiple priorities simultaneously
• Ability to make problem solving decisions under pressure
• Positive attitude and strong commitment to the delivery of quality work
• Good command of written and spoken English, Putonghua and Cantonese
• Possess strong experience in cloud auditing method and technique
• Able to work with oversea colleagues and drive results
• Ability to work outside of normal office hour in a multi-regional environment (e.g.: Americas/Europe/Canada) regularly

Preferred qualifications

• In-depth knowledge of at least two major regulatory frameworks (e.g., TISAX VDA ISA 5/6 & ISO 27001:2022)
• Certifications in information security or compliance (ISO 27001 lead auditor, CISSP, CISM, CRISC, CISA etc.)

Come join our global, inclusive & diverse team

Our purpose is to improve the quality of life of everyone we touch through our innovative motion systems. We are a truly global team bound together by our shared values. Our culture is built on the diversity, knowledge, skills, creativity, and talents that each employee brings to the company. Our people are our company’s most valuable asset. We are committed to providing an inclusive, diverse and equitable workplace where employees of different backgrounds feel valued and respected, regardless of their age, gender, race, ethnicity or religious background. We are committed to inspiring our employees to grow, act with ownership and find fulfilment and meaning in the work they do.