The Business Aligned IT Auditor will be responsible for working on audit engagements that focus on business risk and related application technology. Team members work to understand business risks and related application controls such as interface controls, logical access controls, and input/processing/output controls. The main objective of an audit is to provide management with independent, objective assurance regarding the design and operating effectiveness of the system of internal controls to mitigate both business and IT-related risks. The audit follows a collaborative approach, with business and IT audit team members jointly conducting the majority of internal and client-facing planning, control assessment, testing, and reporting activities.
The Business Aligned IT Auditor will help shape the audit scope for IT coverage, assess procedures and test application controls for audits utilizing a risk-based audit approach. The application controls subject to testing will be determined during the risk and controls assessment phase of the audit and will most likely include: electronic authorizations; application parameters, settings, edit checks, scripts, and mappings; application access to sensitive application transactions and shared directories; system interfaces; and management, edit, and exception reports.
The Business Aligned IT Auditor ensures their work is completed in compliance with the Corporate Audit Department and Institute of Internal Auditors standards. The candidate requires good analytical, interpersonal, time management, project management, research and communication skills. She/he must be able to work effectively with new and changing situations, including new industry regulations, where there may not always be a readily apparent solution.
- Bachelor’s degree in Computer Science, Information Security, Information Systems, Civil Engineering, Accounting, or a related field, or its equivalent;
- 2+ years of experience with IT and Operations auditing, risk management, or IT compliance.
- Proven knowledge of Information security, system development lifecycle, IT project management and end-user computing;
- Demonstrated experience testing IT general controls and application controls including electronic authorizations, application parameters, settings and/or scripts, and access to sensitive application transactions and data interfaces;
- Ability to think strategically and multi-task in a fast-paced environment
- Experience in a number of the following: technology consulting, system auditing, privacy, cyber-security, Public and Private Cloud, software development, financial processes and systems, large project systems integration, risk management, or data analytics.
- Demonstrated knowledge of Institute of Internal Auditors, Corporate Audit Division standards, NIST, COSO, COBIT, ITIL, ISO 27001, Sarbanes-Oxley and SOC 1 / SSAE 16 standards and laws and regulations applicable to the assigned area of responsibility.
- Audit experience in public accounting or internal audit, focusing on financial service or other regulated industries
- Excellent analytical, written communication, interpersonal, organizational and presentation skills
- Industry recognized certification CISA, CISSP, CISM