- Builds effective relationships while providing independent value added internal audit services
- Provides reasonable assurance regarding the effectiveness of governance, compliance, risk management, and internal controls systems
- Independently or through leading engagement teams conducts independent assessments of information systems and IT internal control environment through the execution of risk analysis, control evaluation, and innovative audit testing procedures and techniques
Major Duties and Responsibilities:
- Has a lead role in all phases of assigned projects from planning to reporting, including understanding the technologies under review, how IT enables business operations, scoping the audit, identifying risks and controls, design and execution of testing procedures and writing audit reports
- Demonstrates and applies a thorough understanding of project management skills ensuring assigned audits meet department requirements. In coordination with management, sets overall engagement milestones (planning, fieldwork & reporting) for assigned projects. Ensures work is completed by self and assigned staff to consistently meet agreed upon milestone dates.
- Effectively communicates orally and written in both technical IT and non-technical terms to Operational and IT management. Makes sound recommendations for audit finding rankings and effectively supports conclusions during discussions with audit clients.
- Demonstrates proficiency in data analysis concepts and practices. Effectively uses the department's data analysis software to facilitate audit scoping and testing. Guides staff in the effective use of data analytics.
Qualifications:
- Has sound knowledge of core IT processes (e.g. application development, change management, logical & information security, networking, vulnerability & patch management, computer operations and business continuity) to provide credible specialist advice on technology controls to Internal Audit and Management at large.
- A Bachelor's degree in information systems, computer science, engineering, business/finance or equivalent training along with relevant technology experience are required. Insurance industry experience preferred.
- Five to seven plus years plus of IT audit or information technology experience with demonstrated IT subject matter expertise.
- Strong knowledge of IT auditing standards and control frameworks such as IIA, COBIT, NIST Cyber, CSC, and ISO2700x.
- CISA and / or CISSP Certification is required for those with an audit background. Other technical / IT security certifications are a plus.