Sr IT Auditor

Description

• Analyzes requirements and advises key stakeholders regarding technical solutions and information controls for new or changed processes
• Delivers key performance indicators on audit issue and control weakness closure rate. Conduct testing and validation of remediation action plans and enhancements to control routines.
• Resourceful; creates and implements actions that are outside of the typical concept to generate results
• Serves as a subject matter expert on information technology policy, standards and framework and proactively bridges the gap between control requirements, technical issues and business risks.
• Conducts internal, information technology audits and rigorous control self-testing programs to ensure controls are designed adequately and working effectively to mitigate information technology and security risks within agreed policies, procedures, standards and risk limits.
• Leads small projects, ensuring requirements and timelines are met
• Collaborative; establishes and maintains effective working relationships, supporting company leadership and team
• Builds trust in others and works with integrity and ethically; upholds organizational values
• Provides input and performs full system life cycle management activities including solution configuration; data mapping and definition, test development and execution, and system training
• Ensures information technology risk management practices are embedded in the enterprise and that systems and data criticality and sensitivity are defined.
• Proactively researches changes in the industry, information technology governance and external risk compliance landscape.
• Creates and presents implementation plans approved by senior leadership.
• Incorporates business strategy into decision making process; mentors less experienced associates on strategies.
• Defines solutions in alignment with IT strategy and standards
• Takes ownership within area of expertise; provides guidance to others.
• Engages the Enterprise Security Office as appropriate in support of security related control testing and remediation as warranted.
• Constructs corrective action plans for resolution of control weaknesses and provides expert guidance on how to avoid and prevent similar situations in the future.
• Provides level 3 support functions
• Aligns solutions with IT strategy and standards
• Identifies opportunities to make improvements within their area of responsibility.
• Audits, assesses and ascertains that controls and processes are in place to ensure that information technology risks have been adequately managed and in line with business priorities.
• Proposes functional designs, alternatives, and solution approaches to meet specific requirements
• Provides support and guidance to colleagues
• Prioritizes work based on business drivers; takes ownership of changes in priority.
• Engages in discussion of complex business topics in assigned area and captures process activities and requirements.

Requirements

• Knowledgeable in all aspects of system development lifecycle; influences methodology
• Understands impact of changes in the business.
• Advanced proficiency in assigned area; building skills in multiple areas
• Bachelor’s Degree or Certification Required
• Strong awareness and knowledge of the following areas of information technology: cloud computing and security, governance, service management; and security authoritative sources providing control and control measurement best practices.
• Ability to provide recommended actions toward the design and operation of control measures and routines to ensure compliance with information technology and security standards, polices and applicable regulations.
• Demonstrated audit experience assessing information technology, cloud security and related compliance and control measures.
• Demonstrates effective working relationships with key stakeholders.
• Strong knowledge of Information Technology Infrastructure Library (ITIL) and Service Management principles.
• Recognizes when and to whom issues should be escalated
• Knowledge and experience auditing Information Technology and Cloud Security controls in accordance Sarbanes Oxley (SOX); Control Objectives for Information and Related Technology (COBIT); National Institute of Standards and Technology (NIST); International Organization of Standards (ISO), and/or other related authoritative sources and standards.
• Excellent communication skills, both verbal and written.
• Knowledge of critical control environments & measures related to security architectures, systems and environments.
• Advanced understanding of business and IT strategy / processes in their area of expertise.
• Sensitive and responsive to internal and external needs; proposes new solutions
• Application of systems analysis techniques and procedures, including consulting with users, to determine hardware, software, or system functional specifications; OR the design, development, documentation, analysis, creation, testing, or modification of computer systems or programs, including prototypes, based on and related to user or system design specifications; OR the design, documentation, testing, creation, or modification of computer programs related to machine operating systems; OR a combination of the above.
• Preferred CCSP – Certified Cloud Security Professional, and Microsoft Certified: Microsoft Azure Fundamentals & Solution Architect
• 8+ years of technical audit and/or related governance experience with working knowledge of information technology governance, information technology quality assurance, and/or information security risk assessment.
• Takes a creative and innovative approach to problem-solving; recognizes interdependencies / impacts
• Independently solves complex problems in core technologies; understands interrelationships with other areas
• Excellent communication and program management skills.

Benefits

• Fosters a supportive and collaborative teamwork environment

Training + Development

Interview process

Visa Sponsorship

Security clearance