The primary responsibilities of the IT Auditor are assisting with planning and carrying out audit assignments within the Information Technology (IT) area. The individual should be creative as well as a strategic thinker proficient in addressing information technology and business issues. This requires a thorough understanding of Internal Audit?s philosophy and audit process. The individual must be hands-on, bring a proactive approach to the role, as well as being results oriented and maintain a sense of urgency. This role requires experience in communicating with all levels of management and, as necessary, the Audit Committee, Regulators, parent Bank auditors and the Bank?s External Auditors.
Under the supervision of the Auditor or immediate manager, the individual will work independently or as part of a team.
- Survey functions and activities in assigned areas to determine the nature of operations and the adequacy of the system of control to achieve established objectives.
- Determine the direction and thrust of the proposed audit efforts.
- Plan the approach (sampling, etc.) and scope of the audit and prepare an audit program.
- Identify areas of risk and key control points of the systems and operations.
- Evaluate a system?s effectiveness through the application of knowledge of business systems, including financial, operational, compliance, and other operations, and understanding of auditing techniques.
- Perform audits in a professional manner and in accordance with the approved audit program and methodology.
- Prepare acceptable working papers which record and summarize data on the assigned auditable entity.
- Obtain, analyze and appraise evidentiary data as a basis for an informed, objective opinion on the adequacy and effectiveness of the system and the efficiency of the activities being reviewed.
- Make oral or written presentations to management during and at the conclusion of the examination, discussing deficiencies, recommending corrective actions and suggesting improvements in operations and reductions in cost.
- Prepare formal written reports, as requested, expressing opinions on the adequacy and effectiveness of the system and the efficiency with which activities are carried out.
- Appraise the adequacy of the corrective action taken to improve deficient conditions through effective follow-up activities.
- Perform Continuous Auditing responsibilitiesscheduled by the Auditor and/or immediate manager, as necessary.
Requires a Pro-Active individual who recognizes the need for excellence, accountability of performance, conscious of budget and time constraints, flexible with change and strives to deliver a quality product.
- Bachelor?s Degree or equivalent with a major in Information Systems or other related IT discipline.
- Four to seven (4-7) years of auditing experience, preferably in related industry.
- Excellent verbal, written, communication and analytical skills
- Ability to work independently or as part of a team.
- In depth experience with performing infrastructure and security reviews.
- Experience in performing application, change management and development reviews.
- Thorough knowledge of the following platforms: Windows, Linux, Exchange, VMWare, SQL, Oracle, IIS, WebLogic, JBoss and Apache.
- Solid understanding of Business Continuity/Disaster Recovery as well as Risk Management functions.
- Familiarity with various governance frameworks and standards, such as COBIT, NIST and ISO
- Certification (i.e. CISA) is preferred, but not required.