The right candidate will support the IT Audit Manager in assessing financial, operational, and regulatory risks relating to the company’s use of information technology, evaluating controls over information systems, and providing control recommendations to IT Management and Internal Audit to reduce risks deemed unacceptable. The Senior IT Auditor analyst demonstrates a thorough understanding of the concepts, terminology, capabilities, and applications of technology, security risks, and control risks associated with various IT architectures.
Essential Duties and Responsibilities
Assesses IT risks through control auditing practices:
Documents IT processes
Conducts tests of Sarbanes-Oxley (SOX) IT controls
Conducts tests of non-SOX IT controls
Documents test activities and results
Reports test results to IT management and Internal Audit
Develops and Implements controls and Risk Management initiatives:
Provides control recommendations to IT Management and Internal Audit
Develops policy and standards in accordance with IT Governance
Designs frameworks and procedures in accordance with IT Strategy
Subject areas include:
IT Risk Assessment
IT Security (Logical, Network, Physical)
Change Management (Software, Hardware)
BCP / Disaster Recovery / Data availability
Software Acquisition and Development
Sarbanes-Oxley Compliance
General Controls and Application Controls
Qualifications
Education and/or Experience
Bachelor's degree (B. A.) from four-year college or university in Audit, Computer Science, or Management Information Systems
3 + years experience in IT Audit or IT Risk Management
Extensive knowledge of IT controls and best practices
Extensive knowledge of the IT Governance Institute’s Control Objectives for Information and related Technology (COBIT) framework for IT governance
Extensive knowledge of the Sarbanes-Oxley Act of 2002
Possess a proven track record in the preparation/development of documentation and testing of internal controls and systems
Excellent written communication skills
Excellent relationship management skills
Ability to communicate effectively with internal management as well as external firms
Disciplined self starter who can work with minimal supervision
Familiarity with the IBM AS/400 security environment
Familiarity with auditing ERP applications
Preferred:
Professional certification (CISA, CIA, CISM) highly preferred
Big four experience
JDE application testing experience