- Hong Kong Hong Kong
HGC Global Communications Ltd Hiring! Full Time Senior IT - Security Auditor in Hong Kong - Ricebowl
Share
Save
Working Location
Job Description
Responsibilities
Job Duties & Requirements
Job Responsibilities:
Perform risk-based audits over telecommunications and ICT domains such as network infrastructure (RAN, core, transmission), data center operations, cloud services, OSS/BSS, billing/charging, CRM, customer self-care channels, and enterprise platforms.
Evaluate cybersecurity controls across identity and access management (IAM), privileged access, endpoint security, vulnerability management, network security, security monitoring/SIEM, incident response, data loss prevention (DLP) governance , and security governance.
Coordinate cross-functionally with Cybersecurity, Infrastructure/Operations, Network, Finance, Legal/Compliance, and vendors to plan and execute compliance-driven IT audit activities (e.g., PCI DSS scoping, control testing, evidence management, remediation tracking, and support for external assessors).
Assess IT general controls (ITGCs) and application controls supporting financial reporting and revenue assurance (e.g., user access, change management, job scheduling, interface controls, billing accuracy).
Review technology project delivery and SDLC/DevSecOps practices, including secure coding, CI/CD controls, environment segregation, release management, and third‑party components.
Assess resilience and availability controls: backup, recovery, DR/BCP, capacity management, patching, configuration management, and operational monitoring.
Translate audit observations into clear, actionable recommendations; agree management action plans, target dates, and owners; track and report remediation progress.
Provide advisory support on control design for major initiatives while maintaining independence requirements.
Maintain the IT audit universe and contribute to the annual/rolling audit plan using risk assessment inputs and emerging threats.
Job Requirements:
Bachelor’s degree in Information Systems, Computer Science, Engineering, Cybersecurity, Accounting, or related discipline.
One or more relevant certifications strongly preferred: CISA (highly desirable), CISSP, CISM, CRISC, ISO/IEC 27001 Lead Auditor/Implementer, CIA, CPA/ACCA, or cloud certifications (e.g., AWS/Azure/GCP).
3 to 5 years of relevant experience in IT audit, technology risk, cybersecurity assurance, or a combination of internal audit and external audit/consulting.
Proven experience leading audits independently, including supervising team members and managing stakeholders through report issuance and remediation.
Exposure to telecommunications/ICT environments is strongly preferred
Strong cybersecurity knowledge: IAM/PAM, security logging/monitoring, vulnerability management, configuration hardening, incident response, and security governance.
Knowledge of information protection and DLP governance
Strong risk-based thinking with the ability to identify what matters most and tailor testing accordingly.
Experience auditing revenue assurance, fraud management, or billing accuracy controls in telecommunications is preferrable.
PCI DSS experience (internal audit, readiness assessment, or supporting QSA-led assessments), including working knowledge of evidence requirements and stakeholder coordination.
Exposure to penetration testing results review, red/blue team activities, or threat modeling (assurance perspective).
We offer competitive salary package and career development opportunity. Free company coach is provided. Interested parties, please apply with full resume , present and expected salary , by clicking "APPLY NOW".
We are an equal opportunity employer and welcome applications from all qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of your application for the relevant post within HGC Global Communications Limited. Personal data provided by job applicants will be used strictly according to our Personal Information Collection Statement, a copy of which will be available upon written request. Information of unsuccessful candidates will be destroyed within six months.
Full-time
Job Responsibilities:
Perform risk-based audits over telecommunications and ICT domains such as network infrastructure (RAN, core, transmission), data center operations, cloud services, OSS/BSS, billing/charging, CRM, customer self-care channels, and enterprise platforms.
Evaluate cybersecurity controls across identity and access management (IAM), privileged access, endpoint security, vulnerability management, network security, security monitoring/SIEM, incident response, data loss prevention (DLP) governance , and security governance.
Coordinate cross-functionally with Cybersecurity, Infrastructure/Operations, Network, Finance, Legal/Compliance, and vendors to plan and execute compliance-driven IT audit activities (e.g., PCI DSS scoping, control testing, evidence management, remediation tracking, and support for external assessors).
Assess IT general controls (ITGCs) and application controls supporting financial reporting and revenue assurance (e.g., user access, change management, job scheduling, interface controls, billing accuracy).
Review technology project delivery and SDLC/DevSecOps practices, including secure coding, CI/CD controls, environment segregation, release management, and third‑party components.
Assess resilience and availability controls: backup, recovery, DR/BCP, capacity management, patching, configuration management, and operational monitoring.
Translate audit observations into clear, actionable recommendations; agree management action plans, target dates, and owners; track and report remediation progress.
Provide advisory support on control design for major initiatives while maintaining independence requirements.
Maintain the IT audit universe and contribute to the annual/rolling audit plan using risk assessment inputs and emerging threats.
Job Requirements:
Bachelor’s degree in Information Systems, Computer Science, Engineering, Cybersecurity, Accounting, or related discipline.
One or more relevant certifications strongly preferred: CISA (highly desirable), CISSP, CISM, CRISC, ISO/IEC 27001 Lead Auditor/Implementer, CIA, CPA/ACCA, or cloud certifications (e.g., AWS/Azure/GCP).
3 to 5 years of relevant experience in IT audit, technology risk, cybersecurity assurance, or a combination of internal audit and external audit/consulting.
Proven experience leading audits independently, including supervising team members and managing stakeholders through report issuance and remediation.
Exposure to telecommunications/ICT environments is strongly preferred
Strong cybersecurity knowledge: IAM/PAM, security logging/monitoring, vulnerability management, configuration hardening, incident response, and security governance.
Knowledge of information protection and DLP governance
Strong risk-based thinking with the ability to identify what matters most and tailor testing accordingly.
Experience auditing revenue assurance, fraud management, or billing accuracy controls in telecommunications is preferrable.
PCI DSS experience (internal audit, readiness assessment, or supporting QSA-led assessments), including working knowledge of evidence requirements and stakeholder coordination.
Exposure to penetration testing results review, red/blue team activities, or threat modeling (assurance perspective).
We offer competitive salary package and career development opportunity. Free company coach is provided. Interested parties, please apply with full resume , present and expected salary , by clicking "APPLY NOW".
We are an equal opportunity employer and welcome applications from all qualified candidates. Information provided will be treated in strict confidence and only be used for consideration of your application for the relevant post within HGC Global Communications Limited. Personal data provided by job applicants will be used strictly according to our Personal Information Collection Statement, a copy of which will be available upon written request. Information of unsuccessful candidates will be destroyed within six months.
Full-time
Important Information
Never provide your bank or credit card details when applying for jobs. Do not transfer any money or complete unrelated online surveys. If you see something suspicious, Report this Job ad.
Learn More
