Staff IT Auditor

The role:

As a Staff within the IT Internal Audit function, you will support the 3rd Line of Defense by evaluating the design and operating effectiveness of technology and information security controls established to mitigate key risks. This includes assisting with audits over cybersecurity, data protection, system access, change management, among other processes, while gaining exposure to risk assessment, control testing, and reporting practices.

What you’ll do:

• Assist the Internal Audit team in accomplishing audit department objectives in a team environment.
• Assist the Internal Audit team in identifying and analyzing risks, prioritizing audit work, and conducting interviews; observe the operation of technology processes and controls, document and analyze procedures and controls, perform audit tests, document audit work papers, timely identify and discuss potential audit issues and findings with the Internal Audit team.
• Conduct internal technology audits and assist in performing individual audit risk assessments. 
• Continuously seek opportunities for audit process improvement.
• Use knowledge of the current technology environment and financial services industry technology trends to proactively identify potential risks, issues, and findings; and communicate this information to the audit team.
• Demonstrate and apply strong project management skills to work on multiple priorities/projects simultaneously while meeting deadlines.
• Consider the use of data analytics and tools to efficiently execute audit procedures.
• Continue to develop and expand knowledge of the audit profession, financial and technology industry, and products through self-study, research, and continuing education efforts.
• Support special assignments and other duties as assigned.
• Some travel may be required.

What you’ll need:

• Bachelor's degree or equivalent in business, accounting, finance, information systems, cybersecurity, computer science or related fields.
• Minimum of 1+ years of experience working as an IT auditor (external or internal audit), or related experience working in a financial institution with knowledge of general and technology internal controls, risk management, and regulatory compliance. 
• Possessing or striving for professional certification(s) or related licensure (CIA, CISA, CPA, CISSP, or equivalent).
• Understanding of internal control concepts, internal auditing standards, risk assessment practices, COSO three lines of defense, etc. 
• Understanding of IT, cybersecurity, engineering processes, architecture, resiliency, automation, data, and cloud computing.
• Highly motivated self-starter who works well individually and in teams while meeting deadlines. 
• Inquisitive, curious, and proactive in identifying underlying technology risks.
• Strong written and verbal communication as well as presentation skills. 
• Ability to develop audit work papers, and write meaningful reports and presentations. 
• Strong written and verbal communication skills, and experience preparing audit workpapers, reports, and presentations.
• Minimum 1 professional certification or certification obtained within 12 months of hire date (e.g., CISA, CISM, CRISC, CIA).