- Previous internal or external IT audit experience is required.
- Capable of identifying, assessing and advising on risks for large-scale technology projects, IT general controls and completing IT process audits (e.g., SDLC, Change Management, Logical Security, Business Continuity/Disaster Recovery and Incident/Problem Monitoring).
- Proficiency in auditing infrastructure components is required (e.g., Mainframe, Unix/Linux, Windows).
About this Opportunity
The IT Auditor role is predominantly focused on audit projects, participating in planning, driving fieldwork, and assisting with report clearance. The primary measure of success is identifying meaningful potential issues about the design and effectiveness of controls, and creating reliable documentation to support his or her work.
What You'll Do
Strategic Control Impact
- Identifies meaningful issues in which controls are not properly designed or are not operating effectively.
- Assesses the risk and control environment for processes within coverage areas.
- Validates the completion of agreed action plans under the guidance of a supervisor.
- Understands the financial services industry and risk and control environment for coverage areas and identifies new risks.
- Works closely with auditees to verify timely progress and completion of agreed action plans.
- Assists a Senior IT Auditor or IT Audit Manager with the execution of audit planning, fieldwork and reporting.
- Completes risk-focused fieldwork on time and within the allocated budget, notifying the auditor in charge promptly of issues that arise or when budgets or timelines are at risk.
- Understands and performs root cause analysis for issues; possesses and demonstrates a strong understanding of audit techniques.
- Demonstrates a strong knowledge of our policies & procedures, particularly work paper documentation standards.
- Independently prepares work papers that fully comply with IAD policies and procedures. Participates in continuous improvement initiatives.
- Aligns risk and control processes into day to day responsibilities to monitor and mitigate risk; escalates appropriately.
- Minimum of 3-5 years of related experience
- A bachelor’s degree is required, preferably with a technology-related major.
- Certifications related to the candidate’s coverage responsibilities are preferred, such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).
Business Unit: Internal Audit
The Internal Audit Department's (IAD) mission is to deliver independent assessments of the organization’s overall control environment and to promote proactive risk identification and mitigation.