As a trusted advisor, The Senior IT Auditor:
- Builds effective relationships while providing independent value added internal audit services
- Provides reasonable assurance regarding the effectiveness of governance, compliance, risk management, and internal controls systems
- Independently or through leading engagement teams conducts independent assessments of information systems and IT internal control environment through the execution of risk analysis, control evaluation, and innovative audit testing procedures and techniques
Major Duties and Responsibilities:
- Strong understanding and experience with testing of IT General Controls.
- Understanding or working knowledge of cybersecurity concepts such as Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Identity and Access Management etc.
- Understanding or working knowledge of Network and Network Security concepts and tools such as Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing (e.g., red teaming) etc.
- Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, cybersecurity tools (e.g., Qualys), Splunk, Netskope, Zscaler etc.
- Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, Operating System, On-premises Data Center etc.
- Has a lead role in all phases of assigned projects from planning to reporting, including understanding the technologies under review, how IT enables business operations, scoping the audit, identifying risks and controls, design and execution of testing procedures and writing audit reports
- Demonstrates and applies a thorough understanding of project management skills ensuring assigned audits meet department requirements. In coordination with management, sets overall engagement milestones (planning, fieldwork & reporting) for assigned projects. Ensures work is completed by self and assigned staff to consistently meet agreed upon milestone dates.
- Effectively communicates orally and written in both technical IT and non-technical terms to Operational and IT management. Makes sound recommendations for audit finding rankings and effectively supports conclusions during discussions with audit clients.
- Demonstrates proficiency in data analysis concepts and practices. Effectively uses the department's data analysis software to facilitate audit scoping and testing. Guides staff in the effective use of data analytics.
Qualifications:
- Has sound knowledge of core IT processes (e.g. application development, change management, logical & information security, networking, vulnerability & patch management, computer operations and business continuity) to provide credible specialist advice on technology controls to Internal Audit and Management at large.
- A Bachelor's degree in information systems, computer science, engineering, business/finance or equivalent training along with relevant technology experience are required. Insurance industry experience preferred.
- A minimum of 4-6 years of Audit or Data Analytic experience (public and/or internal) and preferred experience in property casualty insurance.
- Excellent computer and data analytic skills, including experience in audit analytics and/or continuous audit monitoring programs..
- Strong knowledge of IT auditing standards and control frameworks such as IIA, COBIT, NIST Cyber, CSC, and ISO2700x.
- CISA and / or CISSP Certification is required for those with an audit background. Other technical / IT security certifications are a plus.
