This position performs internal audit assignments throughout the company, working independently or under the supervision of Audit Management (the Program Manager, Internal Audit, the VP of Internal Audit or working as part of the audit team with PSCU’s co-sourced Internal Audit partners). The incumbent will work as part of an audit team to plan and conduct audits, evaluate risks, document and review processes, identify and test controls, and write audit findings and audit reports, and will report the extent of compliance with company and department policies and procedures, and compliance with applicable regulations and industry standards or best practices. The incumbent will assist with tracking open audit findings and facilitate response generation, information gathering, testing evidence, and escalation of prior findings with Audit Management. There will be exposure to senior management throughout the organization. In addition, this individual may work closely with management and staff from third party organizations to provide internal audit support.
Essential Functions & Responsibilities
Perform essential functions described below for IT, operational, or financial audits across the spectrum of IT functions, systems, data, and application security, access management, application and product development (SDLC), change and release management, infrastructure, and system configuration and administration, network administration, data center management, endpoint technology services and desktop support, database management, incident response, and incident/problem management, production support, ETL automation, business continuity and disaster recovery, pre/post system implementation projects, and IT governance:
- Plan, execute, and deliver audit results for different types of audits using various standards for IT General Controls, SOC1 and 2, Cybersecurity controls, PCI-DSS, ACH NACHA, and third-party service provider audits
- Perform internal risk assessments under the direction of Internal Audit Management
- Assist with planning the nature, scope, and extent of each audit on the internal audit plan and prepare audit programs and other required documentation in accordance with PSCU’s audit methodology related to the planning activities assigned.
- Coordinate activities and communication, including meeting planning preparation and scheduling, with audit clients, co-sourced audit partners, and management. Assist Audit Management and co-sourced internal audit partner to coordinate and schedule audit meetings.
- Create process documentation and identify risks and key controls and evaluate for potential design deficiencies.
- Create and/or prepare audit documentation and testing procedures at the entity, process, transaction or application levels, including assessing controls/fraud
- Monitor and/or execute audit or project program in a resourceful and skillful manner to ensure audit or project is completed timely and conforms to internal audit methodology and standards.
- Assist process owners in understanding and accepting control or process gaps and issues; discuss findings and recommendations with audit clients, and obtain timely feedback prior to the end of fieldwork.
- Handle potential conflicts; resolve and escalate issues with management in a timely and appropriate manner.
- Assist with audit report writing and/or revision.
- Monitor management’s completion of the action plans agreed upon in the remediation process. Escalate and provide support when needed or requested by Audit Management.
- Monitor changes to applicable guidance (policies, regulations, industry standards and other best practices) to identify and recommend possible updates or changes to audit methodology or practices or to management.
- Maintain current, working knowledge of applicable guidance as it relates to the IT function for risks, processes, and controls.
- All audit activities assigned must be performed in accordance with the Internal Audit methodology as defined in the Audit Manual.
- Willing to travel up to 20% to other PSCU offices in the U.S.
- Perform other duties as assigned
- While performing the duties of this Job, the employee is regularly required to sit; use hands to finger, handle, or feel and talk or hear
- Specific vision abilities required by this job include close vision
- Ability to occasionally lift/move up to 25 pounds
- Individuals with a disability who are otherwise able to perform the essential functions of the job may request a reasonable accommodation through the Human Resources department.
Bachelor’s Degree in Information Technology, Computer Science, Accounting, Finance, or related technical or business field; or equivalent combination of education and experience is required. At a minimum, a current CISA certification is required. Other certifications (CISSP, CPA, CIA, or equivalent audit credentials or certifications) are preferred.
Minimum of three (3) years related work experience as an IT Systems Auditor required; and a minimum of 2 years’ experience working in another functional business area, such as information technology, accounting, risk management, is preferred.
- Strong understanding of and broad-based experience with technology, IT controls and related auditing techniques for IT functions mentioned in the Essential Functions section.
- Strong working knowledge of the various auditing standards recognized in the industry, including ISACA IS Audit and Assurance Standards and Guidelines and Institute of Internal Auditors (IIA) Standards and Guidelines
- Strong Microsoft Excel skills; Proficient in Microsoft word processing, presentation, spreadsheet, and flowchart computer software applications. Working knowledge of SharePoint a plus.
- Proficient in analytical auditing tools such as ACL or other tools.
- Experience with a GRC tool used for audits. Experience with LogicManager would be a plus.
- Strong knowledge of risk management, and COSO and COBIT internal controls frameworks required
- Working knowledge of the following:
  - Other frameworks such as NIST and ISO are preferred.
  - IT regulatory compliance as published by the FFIEC is preferred
  - ACH NACHA, PCI-DSS, and AICPA SSAE18 (SOC1 & 2) a plus.
  - VISA / MC operating rules a plus.
- Working experience with payment systems and/or financial services related to the credit/debit card industry preferred.
- Knowledge and/or experience with auditing the following IT technologies or systems would be a plus:
  - Unix/Linux and Windows systems
  - SQL and Oracle databases
  - Application and API development using appropriate waterfall or Agile (SCRUM) methodology; ETL framework standards
  - Corporate security tools such as FireEye Gateway, Splunk, Symantec EP DLP, Blue Coat Proxy, and Intel Security IPS/IDS
  - Identity Management tools such as CyberArk
  - Cloud-based applications such as Workday, Lawson and ServiceNow
Knowledge, Skills, & Abilities
- Demonstrate behaviors based on PSCU values: Excellence, Innovation, Leadership, Passion and Trust
- Ability to establish relationships and rapport with all levels of personnel, including executive and other levels of management, company employees, vendors, clients and members
- Excellent team player; able to work with all levels of management and across all business units
- Ability to effectively balance multiple tasks and meet deadlines
- Organized, attention to detail, and able to demonstrate good time and project management skills
- Ability to communicate effectively in both verbal and written formats; exhibits a process mindset and is capable of writing quality process and control documentation.
- Keep appropriate parties informed and up to date on the status of audits and other projects
- Communicate and convey complex technical issues in simplified or appropriate terms to meet the audience's needs
- Self-starter who is detail- and process-oriented, with the ability to maintain quality work papers to meet IIA and internal audit standards.
- Project a professional demeanor and have the ability to handle confidential matters with utmost integrity
- Ability to exercise discretion and good judgment in making decisions; strong problem solving, reasoning, and analytical skills
- Ability to maintain confidentiality of materials handled
- Possess an understanding of the roles and processes of other functional departments as well as their business initiatives.
- Inquisitive and strong ability to research and gather information from both business and IT functions
- Ability to travel as needed to successfully perform position responsibilities