Role Value Proposition:
IT Audit is an independent department that plays an important role in partnering with the business to ensure that management anticipates, recognizes, and appropriately manages risks. The IT Auditor has responsibility for the participation in and delivery of audit assignments to ensure that technology and related business risks are identified, reported, and appropriately managed. Audit activities include the following:
- Reviews IT and certain business processes/practices to ensure operating effectiveness, compliance with Policy, and use of best practices;
- Contributes to, or prepares reports of audit findings for business managers and proposes recommendations for changes as needed; and
- Participates consultatively in developing issue resolutions to the extent possible.
- Conducts or assists in the conduct of audits of limited-to-moderate complexity to assess the effectiveness, adequacy, compliance, and efficiency of the enterprise's information systems and operational controls.
- Assists in the development of presentations and reports on findings to business management and assists in compiling status reports for senior management.
- Participates in various risk-based audits and other projects, completing assigned tasks and responsibilities within the assigned budget and timeline, explaining variances, and ensuring quality over work performed.
- Communicate appropriately with identified stakeholders within IA and business management and testing open issues to closure.
Essential Business Experience and Technical Skills:
- 2-4 years of experience in IT audit, IT risk management or IT compliance
- Earned or working towards CISA, CISSP, CPA or CISM certification.
- Possesses basic to intermediate-level understanding of IT general controls (security, change management, disaster backup recovery, data center, etc.), cybersecurity, cloud, privacy, and IT regulatory risks and controls.
- Possesses fundamental understanding of multiple guidelines such as IIA, COBIT, NIST, SOX, and PCI DSS.
- Possesses fundamental understanding of auditing practices including sampling and testing methodologies, and risk management.
- Demonstrated ability to influence business stakeholders as well as coach audit team members.
- Strong written and verbal communication skills, including listening and interviewing skills.
- Bachelor’s degree in Computer Science, Information Technology or Business
- Experience working in financial services organization within IT, Technology Operations, Information Security, Network/Cybersecurity or equivalent area
- Possesses experience in IT, Information Security or IT Audit in large, complex organization