Internal IT Auditor, Senior

About The Position

Requirements

• Requires a bachelor’s degree or equivalent experience
• Requires a minimum of 5 years of prior related experience
• Basic competence and knowledge with support from others of: Financial Accounting and Finance Concepts, Managerial Accounting, Regulatory, Legal and Economics, Quality Framework, Ethics and Fraud, Information Technology, Governance, Risk and Controls, Organizational Theory and Behavior
• Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance consideration
• Strong analytical and problem-solving skills
• Advanced knowledge of auditing typically obtained through advanced education combined with experience
• May have practical knowledge of project management

Nice To Haves

• Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA) and/or Certified Secure Software Lifecycle Professional (CSSLP) highly desired

Responsibilities

• Performing and leading transactional quality review audits with limited or no supervision
• Supporting risk assessments and development of audit plans for data and AI governance areas
• Reviewing controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
• Leading corrective/preventive action planning related to transactional audits
• Assessing design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
• Performing audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
• Evaluating risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
• Analyzing risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
• Assessing AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes
• Researching issues and sharing the findings of that work with varying groups effectively (executives, managers, line staff, etc.)
• Developing and maintaining productive client and staff relationships through individual contacts and group meetings
• Working to achieve operational targets with direct impact on BSC departmental results
• Being responsible for entire projects or processes within BSC annual audit program
• Communicating with parties within and outside of BSC with the ability to educate others on complex disciplines