Internal Audit – Technology Audit Assistant Vice President – AVP

Internal Audit – Technology Audit Assistant Vice President – AVP

Requirements

• CISA qualification with 7+ years of IT audit, risk management, or a related field within financial services or a similar highly regulated industry
• Experience in critical technology domains including infrastructure (networks, databases and Windows/Unix operating systems), cyber security, ITSM practices, data analytics, applications (ERP and cloud solutions) and emerging technologies (e.g., robotics, AI, mobile)
• Working knowledge of generally accepted technology and information security standards and control practices (e.g., SOX, COBIT, NIST, ISO27001, ITIL)
• Working knowledge of common technology controls including those related to change management, logical access, system resilience & availability, information security, data interfaces and vendor oversight
• Understanding of key global financial services regulations and regulatory developments relevant to IT risks and controls
• Proven track record of leading technology audits and providing recommendations to stakeholders on the design, implementation and effectiveness of IT controls
• Ability to deliver integrated audits working with operational auditors to review the systems and infrastructure supporting business functions
• Understanding of internal control environments within the IT function
• Experience with data analytics / visualization and related tools (e.g., Tableau)
• Experience with Governance, Risk, and Compliance technology tools
• Undergraduate or graduate degree in information technology, computer science, cybersecurity, information systems, or a related field
• Proficient understanding of current accounting pronouncements, regulatory and industry events, and public company ICFR / SOX requirements
• Personal and professional integrity and objectivity of the highest order, with the ability to remain free from undue influence and a commitment to transparent communications
• Intellectual curiosity and ability to stay up to speed on developments in technology risk, global markets, our business, and the internal audit practice
• Excellent written and verbal communication skills, combined with strong interpersonal skills including the ability to present complex technical issues to executive management in straightforward terms
• Ability to evaluate risk impact and root cause
• Strong attention to detail and analytical rigor, with a commitment to achieving the highest standard of care
• Ability to think critically and strategically to develop innovative recommendations to mitigate risks / add value
• Ability to adapt to new challenges and thrive in a fast-paced environment while handling multiple priorities
• Ability to be proactive and work well within a team and individually
• Ability to work with and establish relationships with various levels of business stakeholders
• Energetic and enthusiastic approach to the role

Responsibilities

• Assist in the execution of the global audit risk assessment and planning processes across Blackstone’s technology environment
• Develop technology audit work programs to support the annual Audit Plan
• Leverage industry experience to provide technology risk subject matter expertise for audit and advisory engagements
• Perform risk-based technology audits and reviews of systems, applications, infrastructure (including cloud), and IT processes across Blackstone’s global businesses, products, regions, and enterprise functions
• Support integrated business audits by providing IT technology expertise to operational auditors and completing technical aspects of testing
• Identify and evaluate key controls (e.g., SOPs, ITGCs, application and infrastructure controls) including performing testing for design and operating effectiveness, documentation of test results, identification of findings as applicable, and development of corrective actions or operational enhancement opportunities that mitigate risk, drive efficiency, and add value
• Meet with key technology and business stakeholders to gain an understanding of their respective operating and risk environments, and independently assess risk across key processes supporting those environments
• Find opportunities to drive audit process efficiency with existing technical infrastructure through automation while embracing innovative opportunities offered by new technologies, including leveraging data analytics
• Participate in and/or lead firm and department initiatives
• Stay up to date with evolving industry / technology trends, external news, and regulatory changes; analyze the impact to the business and technology operating environment
• Champion a culture of innovation

Preferred Qualifications

• CISM, CPA, or CIA certification preferred in addition to CISA
• More advanced security and public cloud certifications would be an advantage, e.g., CISSP, AWS Solutions Architect / Security, Microsoft Azure Administrator / Architect, etc.