The Senior IT Auditor conducts reviews and audits on the design, testing and implementation of new and existing technologies while acting as a subject matter expert/ consultant on information technology, security risk, control issues and selection of new technology solutions.
A Senior IT Auditor has no direct reports, but when acting as “Audit Lead” will supervise and coordinate the audit team and review their work for scope sufficiency and accuracy.
Primary duties & responsibilities consist of:
Defines, executes and manages Information Technology audits to ensure completion of the annual audit plan
Plans and executes engagements in accordance with the Standards for the Professional Practice of Internal Auditing by formally documenting the scope, objective and procedures, (including statistical sampling and information technology) utilized within a formal engagement work program
Obtains, analyzes and appraises internal system controls for adequacy, effectiveness and efficiency, while evaluating the controls compliance with established policies, procedures and plans.
Assesses and manages Information Technology risk through successful implementation of audit recommendations
Reports engagement observations to IA management with constructive recommendations for improving operations and controls, promoting growth, reducing costs, and ensuring compliance with applicable laws and regulations
Consistently communicates, (both verbal and written), any potential audit issues to all levels of the audit area in a timely manner
Attends training, (formal and informal) and engages in self-study to keep abreast of emerging technology /security concepts, industry best practices, auditing/ accounting standards and development of interpersonal skills
Performs special reviews and audits at the request of management
Identifies risks within a process/functional area and recommends controls to mitigates the risks
Bachelor’s degree and/or experience in information technology
Current Certification as a CISA (Certified Information Systems Auditor) and/or other certifications (CISSP, CISM) are required
Minimum of 3 years work experience in Internal Audit or Public Accounting
Strong technical skills and an in-depth knowledge of IT techniques and tools utilized during audits
Knowledge and adherence of the Standards of the Professional Practice of Internal Auditing, the Institute of Internal Auditors’ Code of Ethics and the Practice Advisories for Assurance and Consulting Services company
Ability to handle multiple tasks using problem-solving and analytical skills
Excellent written and oral communications
Up to 25% travel required
Understanding of network, operating system, application and database-related controls and configurations
Proven technical knowledge beyond general IT controls, including knowledge to support IT Governance, IT Security, application, networking, and database audits
Experience performing IT (mainframe and client/server) vulnerability assessments/audits