Previous internal or external IT audit experience is required.
Worked in large companies that operate in regulated industries such as financial services, insurance, healthcare, etc.
Capable of identifying, assessing and advising on risks for large-scale technology projects, IT general controls and completing IT process audits (e.g., SDLC, Change Management, Logical Security, Business Continuity/Disaster Recovery and Incident/Problem Monitoring).
Proficiency in auditing infrastructure components is required (e.g., Mainframe, Unix/Linux, Windows).
The Senior IT Auditor position is predominantly focused on leading audit projects covering Enterprise Infrastructure and Technology Risk Management by supporting all phases of the audit lifecycle under the guidance of a Team Leader and by managing and directing the daily activities of individuals assigned to work on those audit projects.
Technical knowledge of cyber security risks and controls as they apply to network technology, operating systems, databases, storage technologies, firewalls, intrusion detection systems, messaging systems, web applications, technologies, mobile platforms, data loss prevention, cloud computing, etc.
Experience with operational processes, tools and control standard methodologies in running a complex IT infrastructure platform, including systems monitoring, capacity management, resiliency, security controls.
Background in financial services, particularly in securities clearance and settlement, corporate actions, and/or securities processing.
- Strategic Control Impact
- Assesses the risk and control environment for processes within coverage areas
- Identifies meaningful issues, and increases the velocity and sustainability of the mitigation plans and processes
- Differentiates and articulates issues based on severity
- Establishes ongoing relationships with managers in the businesses or functions covered
- Works with business stakeholders to develop specific, measurable, achievable, realistic and timely (SMART) action plans to remediate control issues
- Works closely with auditees to verify timely progress on, and completion of, agreed action plans
- Contributes to the development and execution of a continuous monitoring program for the businesses or functions covered
- Understands the financial services industry and has knowledge of regulatory requirements such as Covered Clearing Agency Standards
- Audit Execution
- Leads all phases of an audit and provides guidance to junior staff to ensure that audit projects are completed effectively, on time, and within the allocated budget.
- Possesses and demonstrates a strong understanding of audit techniques
- Creates an effective risk-based audit program
- Independently oversees and contributes to the completion of risk-focused audit fieldwork, notifying the Team Leader promptly of issues that arise or when budgets or timelines are at risk
- Effectively communicates throughout the audit lifecycle while translating complex concepts and potential issues clearly with root cause analysis
- Assists the Team Leader with annual risk assessment and audit planning
- Quality Process
- Demonstrates a strong knowledge of IAD policies and procedures, particularly work paper documentation standards
- Independently prepares and reviews work papers, ensuring they fully comply with IAD policies and procedures
- Participates in IAD continuous improvement initiatives
- Individual and Team Development
- Proactively seeks opportunities to develop and broaden his or her professional skills and knowledge of audit techniques and methodologies, and of the products and functions within coverage areas
- Demonstrates a strong commitment to teamwork by showing a willingness to assist peers and supervisors
- Seeks feedback for improvement and effectively applies that feedback to continuously improve
- Coaches and mentors more junior team members
- Minimum of 7 years of IT auditing experience
- Bachelor's degree with Master's or equivalent experience preferred
- Experience identifying, assessing and advising on risks for large-scale projects, application controls, IT general computing controls (e.g., Information Security, SDLC, Change and Release Management, Application Security, Data Management, Database Security, Logical Access, and Job Monitoring, etc.) and business process controls (e.g., Enterprise Risk Management, including but not limited to Operations, Compliance, Legal, etc.) is highly desired.
- Certifications related to the incumbent's coverage responsibilities, such as Certified Internal Auditor or Certified Information Systems Auditor, are highly desirable.
Business Unit: Internal Audit
The Internal Audit Department's (IAD) mission is to deliver independent assessments of the organization's overall control environment and to promote proactive risk identification and mitigation.