IT Audit Manager

IT Audit Manager

Requirements

• Knowledge and experience leading risk-based general technology and application audits
• Solid understanding of IT general controls and related processes (e.g., Configuration Management, Third Party Risk Management, Data Protection, Application & Security Development)
• Understanding of Information Technology Service Management (ITSM) controls (e.g., Change Management, Incident Management, Problem Management)
• Skills as needed to perform testing of application controls (e.g., Application Security Testing, Interface Controls)
• Knowledge of risks related to newer technologies (e.g., Infrastructure as Code, Cloud Access Management, Kubernetes, Containers, CI/CD) is a plus
• Knowledge of cloud environments and related technologies (e.g., Microsoft Azure, Amazon Web Services) is also a plus
• Knowledge of financial industry standards, frameworks, and regulations (e.g., NIST CSF, FFIEC, GDPR)
• Strong analytical, leadership, and organizational skills are needed
• Strong report writing and work paper documentation skills

Responsibilities

• Functions in various roles on audit engagements, including leading audits, staffing audits and providing consulting or oversight functions based on the needs of the team
• Provides technical expertise to the IT Audit Team and uses sound audit practices
• Maintains familiarization and technical expertise with the assigned business unit(s) including organizational structure, personnel, activities and products, new product development, financial performance and risk and problem areas
• Responsible for staying current on regulatory rules and changes within the industry
• Interacts and partners with senior management to understand the risks within the business, business changes, and other significant events that could significantly affect the business and/or the audit plan
• Manages and performs special projects as assigned
• Participates in meetings with business unit(s) to discuss audit results
• Communicates with partners at all levels, developing and presenting recommendations on operations and controls for business unit(s)
• During audit engagements, assigns work to auditors, sets priorities and monitors activity. Conducts the performance management process for direct reports
• Utilizes understanding of various businesses to ensure operations, services, and systems have proper audit controls in place (i.e., design of the control environment)
• Reviews audit work including work paper documentation, findings and recommendations and the final report to ensure appropriate adherence to Policies and Standards and ensuring work is performed within established timeframes
• Evaluates corporate management, business processes, business controls, and operating practices during audit/consulting/monitoring engagements
• Applies analytical skills to review information and determine potential control weaknesses

Preferred Qualifications

• Certified Information System Audit (CISA) certification is preferred
• Additional certifications such as Certified Information Systems Security Professional (CISSP), or other related certifications is a plus
• Adept auditing and/or systems experience in a financial institution, or similar public accounting experience in the financial services industry