Job DescriptionYour RoleThe Consultant, Internal Audit (Technology / IT Audit) independently leads and executes complex audit and advisory engagements across technology environments. This role serves as a subject matter expert in IT audit and cybersecurity while providing strategic insight and guidance to management. The Consultant is accountable for delivering end-to-end audit work and acts as a trusted advisor to Director-level leadership and stakeholders.
ResponsibilitiesYour WorkIn this role, you will:
- Perform non-technical and technical IT audits with minimal supervision
- Define the scope of work for each audit
- Evaluate the design and effectiveness of applied controls for processes, systems, networks, and applications in accordance with laws, regulations, policies, procedures, and standards
- Support risk assessments and development of audit plans for data and AI governance areas
- Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
- Leads corrective/ preventive action planning related to transactional audits
- Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
- Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
- Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
- Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
- Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes.
- Complete detailed audit work papers that describe the scope of audit work performed, results of tests conducted, the controls in place, and the control or compliance deficiencies noted, using sound judgment
QualificationsYour Knowledge and Experience- Requires a bachelor's degree or equivalent experience
- Requires a minimum of 7 years of prior related experience
- Advanced understanding of technology, IT concepts and principles and the ability to leverage this knowledge to recommend effective solutions
- Advanced knowledge of security software programs and implementation
- Advanced knowledge of TCP/IP and networking (LAN, WAN and Wireless)
- Advanced knowledge of key information technology risks and controls and available technology-based assessment techniques
- Advanced knowledge of major risk assessment methodologies and security frameworks such as ISO, COBIT, COSO
- Advanced knowledge of major operating systems such as UNIX (e.g., Solaris) and Windows servers (2000, 2003)
- Advanced knowledge of major security tools and technologies such as intrusion detection and prevention systems, data loss prevention and identify management
- Advanced knowledge of Security Incident Management, Business Continuity/Disaster Recovery, Personnel Security, Physical and Environmental Security processes
- Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance consideration
- Knowledge of computer forensics, penetration testing and hacking techniques
- In-depth knowledge of security log analysis
- Strong knowledge of security regulations including HIPAA / HITECH, SOX, PCI, SB1386, AB1950
Our Workplace Model: We believe in fostering a workplace environment that balances purposeful in-person collaboration with flexibility - providing clear expectations while respecting the diverse needs of our workforce. Our workplace model is designed around intentional in-person interaction, collaboration, connection, creativity and flexibility:
- For most teams, this means coming into the office two days per week.
- Employees living more than 50 miles from an office location, out of state employees, and employees in certain member-facing roles should work with their manager to determine in-office time based on business need.
- For employees with medical conditions that may impact their ability to work in-office, we are committed to engaging in an interactive process and providing reasonable accommodations to ensure their work environment is conducive to their success and well-being.
The Company reserves the right to require more presence in the office based on business needs, and requirements are subject to change with periodic reviews.
Physical Requirements:Office Environment - roles involving part to full time schedule in Office Environment. Based in our physical offices and work from home office/deskwork - Activity level: Sedentary, frequency most of work day.
Please click here for further physical requirement detail.
