Sr. IT Auditor / IT Audit Associate
The Internal Audit Function assists the Federal Reserve Bank of New York’s Board of Directors and senior management in the effective discharge of their fiduciary responsibilities by assessing the adequacy and effectiveness of the controls within Bank business areas over (1) financialreporting, (2) effectiveness and efficiency of operations, and (3) compliance with laws and regulations, as well as the adequacy of the Bank's risk management and governance processes. Audit also provides consulting services associated with change activities and new products to business areas. It adds value by providing objective, timely and relevant analyses, comments and recommendations through an integrated auditing approach.
The Audit Function currently has an opening for a senior IT auditor. The ideal candidate will have a strong understanding of technologyauditing concepts with experience in audits of IT processes (such as information security, application development, IT governance) and IT infrastructure (databases, networks, and operating systems). Additionally, knowledge and experience in auditing complex technology projects is desirable. Responsibilities for this role will include functioning as auditor in charge and leading audit teams of 3-5 auditors as well as participating as a team member in audits led by other leads.
This role provides exposure to multiple business units across the Bank and the selected candidate will actively partner with senior stakeholders to facilitate their respective audit plans. The skill set and senior-level relationships developed in the role provide opportunity for advancement and upward mobility within the audit department.
- Lead and/or participate in technologyaudits, technology project reviews, and technologyaudit work in audits of business processes (integrated audits), to identify and evaluate key operational risks and related controls.
- Engage with the Bank’s stakeholders to stay informed of changes and new initiatives within the business and technology areas and sharingaudit perspectives relating to risk identification and mitigation
- Develop new audit techniques, revise existing procedures and perform risk analyses of areas in order to determine the frequency of audits.
- Identify and analyze complex issues, problems and improvement opportunities and develop conclusions and recommendations.
- Verify or review audit evidence, prepare audit plans, workpapers, findings, status reports and auditreport.
- Communicate audit results to Audit supervision and senior management and client area management.
- Perform or lead follow-up reviews to ensure that appropriate corrective actions have been implemented by client management.
- Assist in training and developing junior auditors.
- Perform related duties as required.
- Maintain effective working relationships with assigned business area(s)
Knowledge and Experience;
- 5+ years of risk-focused internal auditexperience, with strong ability to understand and review both financial and automated risks and controls within business processes in an integrated fashion
- Strong experience in technologyauditing to include applications development, technologyinfrastructure (such as databases, operating systems, networks), information security, change management and business continuity planning & disaster recovery
- Knowledge and experience in performing audits of technology projects and programs (SDLC reviews)
- Strong knowledge of technologyrisk management principles and an understanding of relevant standards like COBIT, ITIL, ISO 27001 and NIST Cybersecurity Framework.
- Strong knowledge of risk management principles
- Experience with IT concepts, business applications and related controls.
- Proven ability to design and execute audit plans, procedures and testing for control compliance and core operational / financialaudits.
- Experience assessing the adequacy of the internal control environments through the identification of inherent risks in the business and key controls designed to mitigate those risks
- Proven experience working cooperatively in a team environment with the ability to build collaborative relationships.
- Strong written and verbal communication skills
- Strong presentation, facilitation and project management skills, including the ability to conduct effective meetings with senior management
- Strong critical thinking skills, including the ability to assimilate new information, make sound decisions and manage multiple tasks.
- Flexibility to adapt to new situations, including ability to travel throughout the Second Federal Reserve District and to other Federal Reserve Banks as needed and to represent the Department and Bank on various Federal Reserve System committees
- Bachelor’s Degree in a related field, IT concentration highly desirable; Master’s Degreepreferred
- Professionaldesignation in, or ability to begin or complete a program to achieve, one or more of the following certifications within 180 days:
- Certified Internal Auditor (CIA)
- Certified Information Systems Auditor (CISA)
- Certified Public Accountant (CPA)
- Certified Information Systems Security Professional (CISSP)
- Project Management Professional (PMP)
- Demonstrated strong analytical skills, including ability to analyze business and financial activities, understand and describe process flows, strengths and weaknesses, and develop creative solutions to improve efficiency and effectiveness
- Proficiency in PC applications, with demonstrated ability to develop and apply spreadsheets, database and research tools and graphic presentations.