IT Auditor

Responsibilities

The primary role of an IT Auditor is to execute various audit engagements in a lead or support position. Audit execution involves scoping, planning, testing, identification of issues and reporting. The IT Auditor may have a primary focus on IT business processes and/or SOX areas. Written and verbal communications, time management and customer focus are essential. Even though the audit execution process has a defined framework, each audit and process owner are unique, so the ability to respond appropriately to varying situations and environments is important. The IT Auditor engages in various projects in support of Corporate Audit Services process improvement and special requests.

Additional Responsibilities:

•    Execute audits according to departmental guidelines (including Institute of Internal Auditors (IIA) standards) to assess the adequacy and effectiveness of internal controls, validate compliance with Corporate procedures and address potential risks
•    Plan, scope, implement and execute tasks required to complete audits as defined in lead or support auditor roles 
•    Execute audit procedures including leading interviews, requesting, reviewing, and analyzing evidence, and documenting test steps in detailed, well-supported work papers
•    Identify and evaluate audit issues and/or gaps using a risk-based approach
•    Meet with process management to discuss audit findings and gain agreement on management action plans
•    Partner with audit clients to identify constructive and value-added solutions to address issues identified
•    Coordinate business process audit testing with SOX Testing to increase productivity
•    Perform issue remediation follow-up and testing
•    Perform process assessments and provide advisory services as requested by clients
•    Develop relationships with primary contacts for Focus Areas to promote dialogue and share information
•    Share process knowledge and key learnings with other Audit employees (train/mentor)
•    Contribute toward departmental projects and initiatives
•    Identify opportunities that improve departmental processes and that support corporate strategy
•    Find improvement opportunities where automation and/or data analytic tools could help automate procedures and analyze results
•    Identify and communicate IT audit findings to senior management
 

Qualifications

General Qualifications

Bachelor’s Degree required
Attention to detail and solid interpersonal skills
Ability to understand IT business processes
Ability to work in a complex and evolving environment
Develop and maintain productive, team-oriented relationships through face-to-face (virtual) interactions and group meetings
Support audit reporting and issue remediation efforts, including tracking the status of open issues and other IT-related findings
Communicate with process owners to clarify the importance of an effective control environment, and the role of internal audit
Performs risk analysis and communicates deficiencies, results, and recommendations with the client. Ensures adequate and supporting documentation is available to validate conclusions and recommended resolutions

Technical Qualifications

Must have a good awareness of General IT controls and activities. This includes strong knowledge across a breadth of IT processes, including but not limited to: security operations, program management, security administration, disaster recovery, business continuity, system operations, change management, infrastructure, modern development (e.g., DevOps, Agile), data governance, privacy, penetration testing, risk management, and incident/problem management.

Experience working with technologies such as SAP ERP/Hana, Active Directory, Linux, Windows, AIX, Oracle, SQL Server, cloud architecture (AWS, Azure or GCP), Microsoft 365, Salesforce, ServiceNow, etc

Preferred Additional Qualifications:

3-8 years of IT experience
1-2 years of audit experience (Business Process Audit or SOX)
Familiarity with common audit standards and frameworks: COSO, COBIT, and the IIA Standards
Experience with AWS, Azure, or Google cloud hosted environments, SOC 2, NIST, ISO, HIPAA and GDPR compliance and privacy standards.
Scripting knowledge (PowerShell or Python)
SAP experience
AuditBoard experience
IT focused degree (Computer Science, Cybersecurity, Accounting Information Systems, Management Information Systems, Software Engineering, Computer Engineering, Data Analytics)
Advanced Certifications: CISA, CISSP, CISSA, Cybersecurity Audit Certificate, AWS or Azure Certifications

Pursue professional development opportunities, including external and internal training, and share lessons learned with co-workers