IT Auditor

About The Position

Requirements

• Bachelor’s degree in computer science, information systems, or other relevant subject areas
• 3-5 years of experience with information technology in Internal Audit, IT operations, IT Risk & Compliance, or Information Security, preferably within the financial services industry
• Technology auditing certification (e.g. CISA) required, or the candidate must commit to obtaining CISA certification within 18 months of hire.
• Working knowledge of one or more of the following: general computer and application controls, information security principles, software development lifecycle, business continuity and disaster recovery, and other technology areas including information technology governance standards and industry best practices (e.g., FFIEC, NIST, CIS, MITRE, OWASP, etc.)
• Effective organization and documentation skills (write succinct and cohesive process narratives, issue statements, findings and action plans), as well as ability to prioritize multiple projects
• Excellent communication (verbal, written, listening) and interpersonal skills
• Healthy professional skepticism along with excellent critical thinking and problem-solving skills
• Ability to build and maintain effective relationships with peers and business partners

Responsibilities

• Planning – Identify and evaluate key processes, risks and controls; contribute to preparation of audit programs and other procedures to test controls.
• Fieldwork – Timely execution of stakeholder interviews, documentation (e.g., process narratives, walkthroughs) and testing. Assess the design and operating effectiveness of controls.
• Findings and Issues – Identify and document potential findings and issues. Discuss with relevant stakeholders and assess potential level of risk and impact. Identify root cause of issues.
• Reporting – Participate in drafting audit report, including overall risk evaluation of control environment, detailed audit findings and issues.
• Coordination and Collaboration – Coordinate and communicate effectively with audit and client contacts to deliver work in a professional and timely manner.
• Technology Risk and Control Framework – Leverage technology and financial industry regulations and guidance to assess risks and control design and operating effectiveness.
• Documentation – Document work accurately, clearly and concisely and in accordance with audit methodology to support evaluation of risk and control effectiveness.
• Communication – Deliver clear, timely and balanced written and verbal communications to peers, supervisors, and clients.
• Critical Thinking – Demonstrate critical thinking by gathering, analyzing, questioning and sharing perspectives on areas under review.
• Training and Development – Build awareness of technology trends, risks and controls through personal curiosity, training and networking.

Benefits

• Eligible employees may participate in a 401 (K) program with a company profit sharing contribution, medical, dental, vision, life insurance and disability covering and paid holidays, vacation, and sick days.
• Competitive base salary plus discretionary annual bonus for select positions
• A 401(k) plan with a generous annual profit-sharing contribution
• Personalized development and career opportunities, including tuition reimbursement support
• Comprehensive medical, dental, and vision plans with zero contributions for employee coverage
• Employee assistance (EAP) and wellness programs
• Hybrid work environment: 60% in office, 40% remote for most positions
• Paid time off and paid parental leave
• Employer-paid life insurance and short- and long-term disability coverage
• Legal services and financial wellness plans at no cost to employees