(Sr.) Internal IT Auditor

• Plan and execute assigned tasks and activities in support of information systems audits to determine the adequacy and effectiveness of internal controls.
• Lead audit kick-off, closing, and other client meetings, presenting observations and conclusions relevant to the overall scope of the review.
• Participate in integrated financial and operational audits to evaluate automated application controls, critical system functionality, and other IT related areas of risk.
• Prepare electronic work papers by the Internal Audit group’s standards.
• Lead the gathering and organization of background and other information to properly plan the audit.
• Lead walkthrough meetings with business unit contacts and assess the design of ITGCC’s.
• Prepare Internal Audit reports, summarizing the scope of reviews conducted and noted observations.
• Work with business unit management to ensure management responses will adequately address reported issues.
• Work with business units to document existing ITGCC’s for RCM development in support of Internal Audit and Risk Management; identify control gaps to provide value-add recommendations related to the improvement of the control environment.
• Participate in status meetings with IT Security Director (and others as necessary) to monitor and report on remediation of prior IT audit observations; develop and validate remediation plans by providing effective challenge.
• Serve as IT subject matter expert for the Internal Audit and Risk Management teams.

Additional Responsibilities:

• Communicate with clients to build and maintain relationships and communicate audit status.
• Develop relationships with management personnel to build rapport and to better understand company operations.
• Provide coaching to Internal Audit and Risk Management staff regarding identification and management of IT risks.
• Work with the business to develop areas of continuous monitoring and data analytics.
• Understand and articulate risks associated with information technology processes and ITGCC’s, and identify process and control gaps proactively.
• Liaise across relevant business, technology, and control functions to challenge technology risk decisions and assumptions.
• Monitor the status of the engagement.
• Serve as primary liaison to the IT client.
• Provide status reporting for delivery to the client.
• Confidently communicating control recommendations to client.
• Maintains/improves knowledge and skills through training; identifies outside training needs/opportunities.
• Ability to concentrate for 95% of work time, understand overall surrounding circumstances, and apply good judgment.