Job Description

Position Overview

Serves as lead auditor for information technology (IT) and integrated audits on a global scale. Leverages deep technical expertise and a passion for network and cloud security to recommend process enhancements and reports audit findings to all levels of management. Leads the design, development and execution of risk-based audit procedures, and evaluate the effectiveness of internal control processes. Supervises other auditors assigned to their individual projects to achieve quality standards and ensure successful audit execution. Establishes strong partnerships with key stakeholders and actively promotes the Global Audit brand.

Responsibilities

Assess key risks associated with operational, business, and IT-related processes and activities. Recommend scope, direction and budget of proposed audits.   Develop audit procedures to assess control design, control effectiveness, and assess the impact of end results through a risk-based approach that is aligned with key business and audit objectives. Recommends revisions to existing procedures to enhance efficiencies or to capture changes in the risk posture.
Ability to walkthrough and document an unfamiliar process and effectively develop test procedures for the controls identified throughout the process being reviewed.
Defines, owns and executes against communicated commitments and deadlines. Takes accountability for deadlines and is able to embrace flexibility with positivity in the face of any emerging obstacles or barriers in order to meet deadlines. Offers solutions to unexpected events or changes in direction; quickly makes adjustments as needed.
Assumes responsibility as a project leader for special initiatives and requests, providing advisory and consulting services to management. Recommends staffing requirements to complete the effort. Coordinates and directs activities of assigned auditors; ensures assigned work meets defined audit standards for quality and execution.
Provides training and mentorship to new auditors on key standards and practices that are employed within the department and across the company, while sharing expertise and lessons learned with others.
Seeks out and develops collaborative partnerships within and outside the department. Proactively communicates the Global Audit brand, providing control expertise, operating with the highest level of integrity, and proposing constructive solutions that improves control effectiveness and mitigates risk in support of business objectives.  
Prepares high-quality memorandums and reports for internal and external stakeholders. Able to succinctly characterize key audit objectives and scope of work; drive to root-cause for reportable observations; achieve management buy-in on the stated risk and finding(s); and liaises the report with appropriate stakeholders.
Determines use of data and analytics, techniques and software necessary to accomplish audit procedures. Obtains, analyzes and appraises supporting data utilizing various software applications.
Performs and oversees testing and walkthrough procedures to assess key business processes and company compliance associated with regulatory requirements. Reviews and analyzes the control structure, performs walkthrough and testing procedures, documents test procedures and results, and develops audit reports to communicate required improvements and practical recommendations to management.

Requirements

Education & Experience

Required

Bachelor’s Degree in Management Information Systems, Accounting, Business or equivalent combination of related work experience and education
4+ years of IT auditing experience in public or private sectors

Preferred

Advanced degree in Management Information Systems, Accounting, Finance or equivalent education
Reinsurance or insurance audit experience
The following certifications or equivalent: CISA; CISSP; CIPP; CCSP; CEH; CRISC; CPA; CIA

Skills & Abilities

Required

Advanced knowledge and application of risk-based auditing
Self-starter and motivator; consistently takes initiative
Ability to  multiple task, balancing priorities and deliverables
Excellent interpersonal skills with demonstrated ability to lead and mentor others on key project deliverables
Experience performing integrated audits based on an understanding of business process design, operational risks, and internal controls, to plan and execute testing of key automated controls and reports
Experience leading and supporting project assurance and risk consulting activities including, but not limited to:

Providing independent project risk management advice to project team and stakeholders
Conducting detailed pre/post-implementation reviews to assess the design and operating effectiveness of controls

Experience auditing Amazon Web Services (AWS) and cloud computing environments
Experience auditing compliance with privacy and security regulations
Able to work independently and embrace ambiguity while learning a complex business and IT environment
Ability to evaluate business processes and IT technology, identify risks and evaluate controls
Able to work within a dynamic, global team environment and willingly participates in department projects
Ability to work effectively and efficiently in a remote operating environment
Routinely displays a positive attitude and is solution-oriented
Advanced oral and written communication skills
Consistently produces high-quality deliverables at defined commitment dates
Possesses complex investigative, analytical and problem-solving skills
Can translate business needs and problems into viable and accepted solutions
Actively seeks and establishes partnerships with key stakeholders across a wide variety of operational, functional, and technical disciplines
Experience in establishing effective communication protocols with managers and leaders in the organization
Has demonstrated Sarbanes-Oxley experience related to IT Audits and related
Proficient using MS Office products (Teams, Word, Excel, PowerPoint), Zoom

Preferred:

Experience with cybersecurity control frameworks such as NIST Cybersecurity Framework, CIS Critical Security Controls (CSC), ITIL and ISO27001.
Experience with Tableau, Power BI, Alteryx, DB Visualizer, SQL, Toad, ACL and electronic work paper tools 
Experience developing, implementing or auditing Robotic Process Automation and Data & Analytics
Experience with PeopleSoft, Oracle database, Windows / SQL server