Information Systems Auditor

About The Position

Requirements

• 1 year experience and/or exposure to internal information systems audit, risk, or compliance.

Nice To Haves

• 3-5 years experience in Internal Audit with a focus on information systems.
• Broad IT knowledge in infrastructure technologies, application development and support, and emerging technologies in one or more of the following areas: IT General Controls (ITGCs) access, change management, and operations; Cybersecurity Controls identity & access management, data protection, security monitoring; Application Lifecyle Controls key system controls supporting business processes; Data Analytics & Audit Testing data extraction, validation, and risk-based analysis; IT Risk & Control Frameworks NIST, COBIT, COSO alignment; Systems & Infrastructure ERP (SAP), databases, operating systems, and networks; Business Continuity & Disaster Recovery (BCP/DR) resiliency and recovery capabilities.
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Internal Auditor (CIA)

Responsibilities

• Participates in risk analysis, control identification, and the detailed development, execution and communication of the risk-based audit plan.
• Independently performs assigned audit testing and concludes on the effectiveness of controls, identifying control gaps and exceptions and evaluating the potential impact.
• Verifies the adequacy of IT procedures for the company through a systemic program of audits.
• Demonstrates the ability to multi-task, by clearly documenting the results of testing on more than one audit concurrently.
• Completes audit work, including audit work plan, work papers, findings, and associated reports.
• Prepares audit reports and work papers to ensure adequate documented evidence exists to support audit opinions and conclusions.
• Conducts IT integrated audits with operational, compliance, financial, and investigative audit teams, as assigned.
• Accurately interprets collected evidence to effectively Identify, recommend, and report improvement opportunities for processes and controls.
• As appropriate, identifies opportunities for continuous improvement related to the use of technology.
• Manages auditee relationship, including facilitating meetings, discussions of findings, and presenting draft and final reports in a professional manner.
• Prepares well-written and timely audit reports which communicate audit issues and related recommendations in both technical and non-technical terms to management.
• Effectively communicates audit issues and related recommendations in both technical and non-technical terms to management.
• Demonstrates development in technical and analytical skills to understand new and existing technologies, including Cyber Security, IT General Controls and Software Development Practices.
• Demonstrates technical understanding of data analysis concepts and practices.
• Keeps abreast of company policies and procedures, current developments in technology and auditing professions, and regulatory changes.
• Develops an awareness of changes in IT audit practices, regulatory requirements, and IT Risk frameworks to understand their impact to Auditing. (e.g. NIST, COBIT, ISO, etc.)