The Senior IT Auditor is responsible for planning and performing independent, risk based assurance and consulting activities related IT internal processes, controls, risk management and governance activities, in while adding value and improve BECU’s operations. This ideal candidate must be technically proficient, creative, forward-thinking and comfortable taking difficult positions while maintaining effective relationships with their primary customers. All activities will be carried out in accordance with the Institute of Internal Auditor’s Professional Practices Framework, ISO/IEC 27001:2013 NIST Cybersecurity Framework as well as the COSO Internal Control – Integrated Framework.
- Perform all responsibilities in accordance with BECU Competencies and Information Protection requirements.
- Plan and perform risk based assurance (audits) and consulting engagements that add value and may improve BECU’s operations, consisting primarily of performing risk assessments and internal control evaluations on new and existing processes.
- Oversee remediation efforts to ensure management actions effectively address issues, align IT with designated control framework and instill efficiencies into IT processes.
- Establish and maintain partnerships with internal customers, based on credibility and trust, as well as understanding business objectives, and processes.
- Maintain an independent outlook while conducting all assurance activities.
- Maintain confidentiality and disseminate sensitive information only when appropriate.
- Utilize data mining tools to perform audit tests where relevant.
- Maintain understanding of all key regulatory and legal requirements relevant to internal customers’ processes.
- Make recommendations to improve the efficiency and effectiveness of your customers’ operations where possible, as well as in Audit Services.
- Conduct all activities in accordance with the Institute of Internal Auditors International Professional Practices Framework.
- Assist State and Federal Examiners and Public Accounting firm staff.
- Maintain effective communication with all Credit Union employees to ensure coordination and exchange of information for accomplishing Credit Union goals.
- For the purpose of attaining Credit Union goals, it is the responsibility of each employee to strive for the continuous improvement of processes and quality of service.
- Perform additional duties as assigned.
- Bachelor’s degree in Management Information Systems or other relevant discipline. Equivalent work and education-related experience will also be considered.
- Minimum of four years IT auditexperience or equivalent industry experience within IT with a focus on compliance required. Experience in a Credit Union or otherfinancial institution preferred.
- Experience with ACL or similar audit data mining applications as well as automated work papers strongly preferred.
- Designation as a Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA), or continuing education towards designation required.
- Continuing professional education program to ensure IT audit skills are up-to-date and optimized.
- In-depth understanding of information security and privacy requirements from a compliance and regulatory perspective.
- Familiarity with risk-based assurance and consulting activities including virtualized environments, cloud-based hosted services and hybrid solutions based on NIST Cybersecurity framework, ISO:IEC 27001:2013, as well as the COSO Internal Control – Integrated Framework
- Excellent customer service skills, including the ability to communicate difficult or sensitive information effectively. This also includes negotiation and problem solving skills.
- Proficient verbal and written communication skills to effectively communicate in the English language.
- Ability to design and perform audits and new systems implementation reviews of information systems in a multi-platform computing environment.
- Detail oriented, with a high degree of accuracy and to plan, organize, and implement projects in a timely manner.
- Full time hours required, with additional hours as necessary.