Senior Technical Auditor

About The Position

Requirements

• Four or more years of experience in IT and/or Information Security audit or a comparable IT/Security role.
• Demonstrated ability to independently evaluate internal controls, execute significant portions of audits, conduct risk assessments, perform independent research, and analyze and resolve complex issues.
• Strong critical thinking, analytical, and problem‑solving skills, with the ability to synthesize detailed information while maintaining a clear understanding of broader business strategy and risk context.
• Proven project management capability in an audit or assurance environment, including managing priorities, meeting deadlines, and adapting to changing scope or risk profiles.
• Excellent written and verbal communication skills, with the ability to clearly and persuasively convey complex concepts to both technical and non‑technical audiences.
• Demonstrated professional maturity and judgment, including courage, customer focus, effective conflict management, comfort with ambiguity, interpersonal effectiveness, agility, and perseverance.
• Resourceful, adaptable, and able to transition effectively between competing priorities in a fast‑paced environment.

Nice To Haves

• Big 4 IT audit experience is preferred, including SOC 2 engagements.
• Experience auditing public cloud environments and leveraging GenAI tools is a plus.
• Familiarity or proficiency with data analytics tools and techniques (e.g., advanced Excel, SQL, Tableau, Python) is a plus.
• Advanced GenAI experience—including effective prompting in Copilot or ChatGPT, GenAI agent design using Copilot Studio is a plus.

Responsibilities

• Self‑motivated professional able to deliver risk‑based assurance and advisory engagements in accordance with departmental and professional standards, both independently and within a team environment.
• Produce high‑quality workpapers that clearly document control design, operating effectiveness, and results of testing.
• Engage effectively with first and second lines of defense and all levels of management, demonstrating a working knowledge of governance processes across critical IT domains.
• Participate in all phases of the audit lifecycle—from planning through reporting—including understanding technologies under review, how IT enables business operations, audit scoping, risk and control identification, and test design and execution with minimal oversight.
• Assess key operational and information technology/security processes, applying sound judgment and critical thinking to identify risks, evaluate control design, and develop appropriate testing procedures.
• Continuously expand technical knowledge through independent research and formal training, and apply that knowledge to audits involving emerging technologies and new or evolving technology implementations.
• Identify value‑add improvement opportunities and control enhancements, and clearly communicate audit issues and recommendations to both technical and non-technical audiences.
• Demonstrate understanding of data analytics concepts and practices, including the effective use of GenAI tools to enhance audit efficiency and effectiveness.
• Contribute to innovation and process improvement initiatives, including the development and execution of continuous monitoring approaches for key IT controls.
• Demonstrate leadership through active engagement, accountability, and commitment to ongoing professional development.
• Maintain familiarity with relevant industry frameworks and guidance (e.g., NIST CSF, CIS Critical Security Controls) and regulatory requirements (e.g., NY DFS 500, CCPA) and assess controls against those standards.