This position is for an experienced Sr. Internal Auditor who enjoys hands-on involvement with complex IT SOX programs.
- Develops audit test programs and performs audit tests to evaluate the design and operating effectiveness of internal controls
- Experience knowledge in IT control best practices within key IT infrastructure areas including network and Internet security, SDLC, BCP/DR, application security, cloud computing, data center operations, and general IT operations
- Prepares audit findings and recommendations that clearly communicate risks, in terms of impact to the business and root cause, and key audit issues from a senior management and Audit Committee perspective
- Meets with clients / auditees to communicate audit results and recommendations
- Provides periodic updates to management and the Internal Audit AVP and/or VP regarding status of audits and other projects in process
- Develops and maintains effective business relationships and partnerships with audited areas to ensure mutual understanding of audit scope, procedures, and reporting progress
- Provides assistance and guidance to external auditors to ensure a timely and efficient completion of their audits (when applicable)
- Assists the AVP and/or VP on special projects and assignments
- Strong analytical skills and utilizes data analysis software to perform statistical analyses of data
EDUCATION / EXPERIENCE REQUIREMENTS
- Graduation from a 4-year college or university with major course work in a discipline related to the requirements of the position is preferred; Will consider the equivalent combination of job experience education that demonstrates the ability to perform the essential functions of this job
- 3-6 years of public accounting or internal audit experience; Experience in the financial services industry a plus
- Strong knowledge of internal audit methodologies and practices, including IIA standards and the implementation of such methodologies
- Detail-oriented, deadline driven, self-directed. and organized
- Strong written and verbal communications skills
- Proven ability to excel in highly interactive team environment
- Able to understand and communicate risk and control concepts
- Strong knowledge of Microsoft Office applications (Word, Excel, and PowerPoint); Robust knowledge of Excel inclusive of filtering, pivots, charting, and graphing
- Project management skills covering scheduling, tracking/monitoring progress, and reporting on status
- Proven experience and knowledge in auditing the following IT audit domains:
- Information Security
- Data Governance and Management
- Network and Internet Security
- Business Continuity and Planning and Disaster Recovery
- User Access
- Data Center and IT Operations
- IT Governance
- Systems Development Life Cycle (SDLC), Project Management Life Cycle (PMLC), and Application Change Management
- Websites and Mobile Applications
- Cloud Computing
- IT Asset Lifecycle Management
- IT Problem Management, Help Desk, and Service Level Management
- Enterprise Applications including the following control areas:
- Application security architecture
- Application access
- Server-level access and controls
- Database-level access and controls
- System interface controls to ensure completeness, accuracy, and data integrity
- Relevant industry certifications such as CISA, CIA, or information security related certifications such as CISSP, GIAC, CISM a plus
CORE COMPETENCIES
- Sarbanes-Oxley Audit - IT General Controls testing
- IT - Control implementation and compliance review
- Business continuity and disaster recovery planning, implementation, and testing
- Information security management
- Information systems audit (Application Controls Audit)
- Audit program management
- IT infrastructure - knowledge of vulnerability assessment and penetration testing
- Cloud computing and related risks
- Agile change management methodology