As an Assurance and IT Manager in Internal Audit- you will manage and support the execution of IT, financial, operational, and other risk-based audits for ICF's domestic and international operations. Reporting to the Vice President of Internal Audit, the Manager is responsible for working independently and supervising junior team members as required.
The Manager will take the lead role on moderate to high complexity projects and be proactive about identifying and seizing opportunities to increase company/business knowledgebase and areas of expertise. The Manager will identify opportunities for continuous improvement within IT risk and other processes as appropriate; and provide insightful results through the audit reporting process. The Manager will be expected to be collaborative and build good rapport and solid business relationships with management. Over time, the Manager will be expected to develop a command over key services and value add initiatives Internal Audit provides to the company. This position is based in our Fairfax, Virginia, Metro accessible headquarters, and may require up to 10% travel, to include international locations.
- Plan, lead/supervise, and execute internal audit projects independently.
- Supervise or perform upfront Internal Audit project planning, including defining audit scope and developing audit work programs based on risk analysis
- Facilitate or lead interviews to understand the business process and document the business process in a set of flowcharts or narratives
- Supervise or evaluate the effectiveness of the design of controls for business processes and execute testing of internal controls, identifying exceptions
- Review or complete work paper. Ensure work papers, support schedules, and reports are done in a timely and high-quality manner to support audit conclusions. Provide other team members and consultants with appropriate guidance during project work.
- Support or incorporate the use of data analytics where appropriate to improve the audit efficiency and broaden the audited population
- Assist with or summarize audit results in a formal audit report
- Manage the auditee relationship through professional, proactive, and right-touch communication. Ensure that management is kept up to date with potential audit findings and improvement areas during fieldwork; and discuss and presents audit results to management
- Assess IT Controls including: Identity and access management, segregation of duties, configuration management, system development, business continuity and disaster recovery, Cybersecurity, Cloud Infrastructure and database security, network security, Application controls, Data Privacy, post and pre-implementation reviews, and third-party risk management.
- Supervise and assist in the execution of assurance and compliance audits including SOX compliance auditing. Assess entity-level, financial, and IT general and application controls. This includes reviewing the results of other team members in the evaluation of the design of SOX controls, the completion of SOX walkthroughs, and testing the effectiveness of SOX controls.
- Supervise and perform advisory reviews to support business process and control improvements. Research, identify, and recommend leading, best practices.
- Support the Enterprise Risk Management program through the evaluation of existing and emerging risks, assisting with the development and refinement of the program toolset, and supporting management and board reporting of risks.
- Assist with the development of the Internal Audit plan; and
- Identify and recommend improvements to internal audit processes/controls.
- Participate in the development of other junior level team members
- Bachelor's degree in Information Systems or Finance/Accounting with a minor in MIS (or relevant work experience in lieu of minor in MIS)
- Certifications, Licenses: 2+ years with one of associated certifications: CISA, CISSP, CRISC, CISM or a widely accepted Cybersecurity certification
- 5+ years of experience within an IT audit or compliance function including information systems auditing or combined audit/IT audit experience with experience in areas to include: Costpoint, ERP applications, Windows, Linux, Cloud and network technologies, relational database systems, MS SQL, system development and implementation Advanced knowledge of a formal IT risk assessment framework, data privacy and e-privacy laws and regulations, and widely accepted information and data security, frameworks (i.e. COBIT and NIST)
- Strong analytical skills background through use of ACL, IDEA, Excel or MS Access
- Additional certification (CPA, CIA, CFE)
- Internal Audit and/or Big Four experience.
- Excellent verbal, interpersonal, and written communication skills
- Strong analytical, problem-solving, and decision making capabilities
- Team player with the ability to work in a fast-paced environment
- Sound business ethics, including the protection of proprietary and confidential information
- Ability to apply detailed knowledge of organizational procedures to make independent decisions and serve as a credible resource for a senior management team
- Ability to work with all levels of internal staff, as well as outside clients and vendors
- Excellent problem solving skills with ability to analyze situations, identify existing or potential problems and recommend solutions
- Proficiency in MS Office Applications (Word, PowerPoint, Outlook, Excel)