Reporting to the Senior Director, IT Audit the Senior IT auditor helps plan and participate in information technology audits. Senior IT auditors participate in pre-audit planning, and perform field engagements or join operational and financial audit teams at various company entities. Our company audits vary in size and complexity from field offices to large, regional data centers.
Our Internal Audit focuses on the “objectives, risks, and controls” perspective, derived from the original COSO study and related auditing frameworks. To apply this concept effectively, the ideal candidate will assess the risks associated with various business objectives and evaluate the controls in place to mitigate those risks. From an IT perspective, this means understanding our businesses and supporting information technology to ascertain whether the IT environment (including applications, data centers, operating systems, processes such as change management, network security and information security and their controls) is effective and protected.
The nature of the business audited varies from employee benefits consulting services to complex insurance and reinsurance brokerage. Depending on the size and materiality of an entity, the senior IT auditor may have responsibility for communicating audit findings to local management. Findings consist of issues and risks uncovered by audit testing, and require management agreement on remediation steps, as required. These are discussed in closing meetings and written audit reports, and for IT audit may include both OpCo and MGTI management.
- Assist in planning engagements based on IT risks as related to the business.
- Obtain a detailed understanding of an entity’s operations, including major systems, specific policies and procedures, and industry standards
- Prepare work papers and coordinate receipt of audit materials required to analyze, test and evaluate the entity’s control environment.
- Conduct interviews, walkthroughs, and document results.
- Examine documentation and evaluate procedures in the control environment.
- Document conclusions; organize and reference workpapers for supervisory review.
- Identify control weaknesses, help assess their financial or other impact, and discuss practical solutions with management
- Draft audit report findings and Process Improvements for review at the closing meeting
- Participate in closing meetings at the end of fieldwork, noting comments and providing clear explanations for our findings and ratings, as required.
- Actively pursue certifications and continuing professional education in line with the department's needs and the auditor's career development
- Undergraduate degree in information technology. A related business or accounting degree is acceptable, accompanied by good communication and risk assessment skills.
- Professional designations - CIA, CISA or CISSP - or progress in that direction are desirable. Other IT-related designations may suffice, as might a project management certification.
- Minimum of 3 years information technology and/or audit experience is critical
- Experience in insurance, broking, or other financial services is a plus.
- Solid understanding of operating systems, applications and databases, such as UNIX/LINUX, Windows Server, Oracle and SQL database management systems, and Oracle Financials ERP systems. Additionally have a solid understanding of IT Infrastructure controls such as physical security and network security. Understanding of Cyber Security controls and frameworks a plus.
- Ability to work effectively with management and staff members in a team environment.
- Solid analytical, problem solving, organization, and project management skills.
- Ability to understand the relationship between complex information technology and business issues; recognize and agree on appropriate solutions proposed by management.
- Ability to travel (30 - 40%), including some international, is fundamental.
- Interpersonal skills are essential; the ability to communicate confidently in oral and written form, clearly and effectively is key to successful performance as a senior IT auditor.
- Desirable traits include enthusiasm, initiative, sound business judgement, and tact.