Essential Duties and Responsibilities:
- Conduct risk-based audits including all aspects of the audit life-cycle, including risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation, with direction from senior team members.
- Strong focus on information technology and information security controls in executing integrated, risk-based audits to evaluate the design and effectiveness of internal controls. Auditor will also focus on the integration of IT and business process risk considerations within the audit process.
- Detailed understanding of IT managed processes, including technology architecture, system build and provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.
- Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.
- Evaluate root cause factors for audit testing exceptions and recommend practical solutions that reduce risk and strengthen business process and controls.
- Ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.
A bachelor’s degree in management information systems, business administration, accounting, finance, computer science, or related field required.
- Must have 2+ years of IT auditing experience.
Excellent written, verbal, and interpersonal communication skills with the ability to effectively communicate complex concepts to technical and nontechnical audiences alike required.
Excellent PC skills, including word processing and spreadsheets, with adaptability to specialized programs for risk management and others in use by Internal Audit, while maintaining superb attention to detail required
- Accounting industry experience is preferred
- Big 4 Accounting industry experience is a plus
Familiarity with common technology frameworks, including COBIT, NIST Cybersecurity, ISO 2700, PCI-DSS, and the FFEIC IT Handbook is also preferred.
Must be able to possibly travel up to 15%
Contact: If you or someone you know would be a qualified candidate for this position, please send your resume to firstname.lastname@example.org.