Senior IT Audit Analyst - BSC (Hybrid)

Who We Are

We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 20,000 colleagues strong serving more than 10.7 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

We're committed to creating an environment where every person can thrive. Our employee experience is grounded in four tenets that guide how we support our people: purposeful careers, growth opportunities, community impact, and support to thrive.

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?
Primary Purpose

The Senior IT Audit Analyst is responsible for leading audit engagements focused on evaluating IT, Cybersecurity, and Physical Security risks and controls. This role is a crucial part of the broader Exelon Audit Services team and will be tasked with leading risk assessments, developing & executing audit plans, drafting audit reports including issues & remediation actions, and supervising other analysts under the guidance of the IT Audit Manager. The primary focus of this role will be executing risk-based operational audits of IT & Security processes, but the Senior IT Audit Analyst will also play a role in fostering a high-performance learning environment and may assist in non-IT based audits, analysis of emerging risks, and delivering Exelon's business plan through broad company-wide initiatives.

Primary Duties

• Plan and Execute IT and Security audit engagements. Includes performing background research, including reviewing relevant regulatory standards and identifying best practices for business processes; identifying and assessing risks in current processes; developing and executing audit test plans; and drafting issues, recommendations, and reports under Manager supervision.
• Provide active coaching and support of internal audit staff members to support a high performing learning organization.
• Conduct post-audit follow up to ensure action items were completed to effectively mitigate risks identified during the audit engagement.
• Assess enterprise level risk and identify potential future engagement in support of a continuous risk assessment and engagement planning process.
• Support operational department initiatives as needed.

Job Scope

• Individual will be expected to display advanced proficiency in the following skill areas and consistently execute these skills in their work with the internal audit team. o Analytical - applies critical thinking and intellectual curiosity to solve complex problems with various tools and techniques. Demonstrates rapid learning and agility to factor cost of controls proactively and effectively into defining issues and issue resolution. Proactively identifies and drives improvements to optimize and simplify business processes. o Communication - provides clear written and verbal communication while actively engaging and leveraging active listening skills. Adapts messaging based on audience and situation while exhibiting strong understanding of the business. Comfortable raising challenges and differing views and does so constructively. o Talent Development - applies situational leadership to provide feedback and actively engage with others. Leverages coaching to enhance talent development and to build skills and capabilities. Able to translate feedback into action while self-identifying development areas and career opportunities. Actively demonstrates emotional intelligence and self-awareness. o Risk and Controls Mastery - Demonstrates ability to identify, assess, and mitigate risk using a holistic perspective, as well as formulating action plans to achieve desired business outcomes. Applies professional judgment and strong understanding of company control frameworks and processes, to strengthen the control environment while preventing and detecting fraud, waste, and abuse.
• Individual will have frequent interaction with business process management and other internal business customers.
• Individual will engage with teams across multiple geographies and may have some infrequent work-related travel, depending on nature and scope of work activities.

Minimum Qualifications

MINIMUM QUALIFICATIONS

• 4-7 years of professional internal or external audit experience, with at least two years focused on IT, financial systems, cybersecurity, and physical security risks and processes.
• Demonstrated strong analytical and oral and written communication skills, including in drafting and presenting reports.
• Strong understanding of the Institute of Internal Auditors' (IIA) Global Audit Standards and International Professional Practice Framework.
• Experience assessing processes using common IT and Security frameworks, such as COBIT, ISO 270001, and NIST CSF.
• Experience auditing IT implementation projects guided by varying project management frameworks.
• Ability to assess process and control gaps, identify root causes, and develop remediation plans.
• Bachelor's degree in Accounting, Business, Computer Science, Finance, Management Information Systems, or related program.

Preferred Qualifications

PREFERRED QUALIFICATIONS

• 5-7 years of experience working in an internal or external audit consulting environment
• Ability to navigate through ambiguity, manage and coordinate multiple project assignments simultaneously in a changing, deadline-driven environment
• Ability to work independently or supervise audit analysts on individual audit engagements
• IT General Controls or other Sarbanes-Oxley compliance testing experience preferred
• Relevant professional accreditation (e.g. CISA, CISSP, CIA, CPA, PMP
• Utility or other regulated industry experience preferred

Benefits

• Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors: $93,600.00/Yr. - $128,700.00/Yr.
• Annual Bonus for eligible positions: 15%
• 401(k) match and annual company contribution
• Medical, dental and vision insurance
• Life and disability insurance
• Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
• Employee Assistance Program and resources for mental and emotional support
• Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
• Referral bonus program
• And much more

Note: Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.