The Senior IT Auditor will be responsible for the development and execution of IT, SOX-404 ITGC/GCC and operational controls testing in accordance with the company's internal audit plan. The incumbent will be responsible for conducting all work in accordance with Internal Audit Standards. This responsibility includes audit planning, developing internal audit scope and objectives, performing internal audit procedures, and preparing internal audit reports that reflect the results of the work performed. Additionally, the Senior IT Auditor performs follow-up on the status of outstanding internal audit issues.
- Support the SOX-404 IT process, including scoping, planning, walkthroughs, testing and status reporting.
- Independently conduct IT and IT-related audit projects, including analyses of business data and company systems.
- Coordinate and work with other Staff, Senior Auditors, and external consultants to support IT-related needs for IT, financial, and operational audits.
- Evaluate the adequacy of internal control and processes through detailed testing.
- Compile audit findings and recommend value-added revisions to systems and procedures.
- Communicate audit findings to management in well-written audit reports.
- Manage follow-up on open audit issues and facilitate agreement with business process owner to ensure timely closure of action plans.
- Communicate with external auditors and support their initiatives effectively from IT audit stand point.
- Other duties as assigned.
EDUCATION AND EXPERIENCE:
- Understanding of network, operating system, application and database-related controls and configurations.
- Understanding of cybersecurity controls and frameworks (e.g., NIST).
- Experience with system implementations, access controls, change management, back-up and IT security-related processes.
- Ability to work independently, with limited direction and guidance, and provide appropriate direction to other internal audit project team members.
- Ability to interact well with internal and external parties.
- Strong project management, analytical and organizational skills.
- Excellent written and verbal communication skills.
- Understanding of internal control concepts and experience in applying them to plan, perform, manage and report on the evaluation of various business processes/areas/functions.
- Ability to complete projects and reports within communicated deadlines.
- Experience with Oracle, Excel, Visio.
- Knowledge SOX, COBIT, and Institute of Internal Auditors (IIA) Standards and Practice Advisories is preferable.
- At least 3 years of experience in IT auditing or in IT-related position. Additional experience in financial and operational auditing preferred.
- Experience with Oracle, Linux, network environments as well as SDLC/change management-related processes and controls.
- Experience in performing multiple projects and working with varying team members.
- Bachelor's degree in Computer Science, Computer Engineering, IS Management, Accounting, Finance or Business Administration.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) or other IT audit-related certification preferred. Certification within one year required.
- Other preferred certifications include Certified Public Accountant (CPA) and Certified Internal Auditor (CIA).
Approximately 75% performed in climate-controlled internal office environment working under normal office conditions. Approximately 25% travel required. While performing the duties of this job, the employee is regularly required to sit, stand, walk, use hands and fingers to feel and handle, reach with arms and hands, talk, and hear. While performing the duties of this job, the employee frequently is required to stoop, kneel and crouch, lift weight or exert a force up to a maximum of 25 pounds.
We are a dynamic organization in a rapidly changing industry. Accordingly, the responsibilities associated with this job will change from time to time in accordance with business needs. More specifically, the incumbent may be required to perform additional and/or different responsibilities from those set forth above. The above declarations are not intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be such a listing of the skills and abilities required to do the job. Rather, they are intended only to describe the general nature of the job.