Sr. IT Auditor

Job Summary

Reporting to the Manager, IT Audit, the Senior Auditor’s main responsibility will be to lead projects with the objective of evaluating, designing and testing the control environment of the Company as it relates to IT Controls. The Senior Auditor must work well independently, prepare work papers, communicate findings, formulate recommendations and draft reports. The position will work closely with the IT/Info Security, Compliance, Audit Services, and SOX finance teams in order to meet compliance objectives and requirements.

Secondary to internal controls auditing, the Senior Auditor will have a lead role in performing IT and Information Security audits in accordance with the annual audit plan. The Senior Auditor will also be responsible for documenting audit results, preparing audit work papers, and communicating audit findings to internal audit management, external auditors and other key stakeholders within the business.

This position requires the ability to work in a complex and dynamic business environment with the flexibility to work in different countries and in a multicultural environment. The position will be U.S. based.

Essential Job Functions

• Internal Controls Auditing:
o Supervise and confirm process mapping with process owners.
o Identify control objectives and related controls within business processes.
o Lead the evaluation of control design and identify control gaps.
o Coordinate the development of work programs to test the operating effectiveness of controls.
o Execute specific test steps and document results.
o Communicate test results and identify control deficiencies.
o Collaborate with process owners on status of control testing.
o Formulate recommendations to improve internal control processes and other value adding opportunities, as appropriate.
o Lead process evaluations and identify opportunities to create efficiencies or improve efficiency.
o Follow-up on outstanding action points within an agreed timetable and ensure that all issues are closed in a timely fashion.
o Coordinate the development of new work programs as required, and take steps to consolidate feedback on the improvement of current work programs.

• IT / Information Security Auditing: 25%
o Assist in the determination of the annual audit plan and the creation of relevant audit programs.
o Document audit testing and results that are to be reviewed by management.
o Communicate and discuss preliminary audit findings with IT owners, management and the Manager, IT Audit.
o Provide guidance to IT owners regarding proper procedures and remediation efforts.

Travel Requirements

Candidate must have the ability to travel 10-15% during the year and potentially multiple weeks at a time. Most travel is domestic but international travel may be required occasionally.

Qualifications and Experience

• BA/BS degree in Management Information Systems, Computer Science, or related field
• 5 years of relevant experience in a similar internal audit, external audit, Information Technology or Information Security role
• Knowledge of multilayer and multi-technology networks, system, application, and database security, Information Security benchmarks (NIST, CIS, ISACA), privacy laws, Information Security risks and trends
• Experience with infrastructure technologies diverse operating systems (e.g., Virtualization, z/OS, z/VSE, UNIX/Linux and Windows platforms), Cloud security architecture, Network security devices (e.g.,firewalls, intrusion detection and prevention systems, proxies, network taps), and relational databases (e.g., Oracle, Microsoft SQL, AS400, DB2, IBM Mainframe)
• Understanding of Information Security industry auditing tools (e.g., Nessus, IBM AppScan, CIS Benchmarking Tool, Rapid 7, Symantec Control Compliance Suite CCS)
• Understanding of Backup and Recovery best practices and methodologies as well as the industry technologies utilized (e.g.,NetBackups)
• Understanding of PCI, ISO/IEC 27000 series, ITIL and COBIT standards, European data protection (e.g., GDPR), IT infrastructure and processes, IT governance, project management, principles of internal controls
• Ability to independently evaluate controls over security processes, infrastructure, network, applications and databases according to established timetables and requirements
• Security and Audit certifications (e.g., CIPP, CISSP, CISM, or CISA) are highly desirable
• Working knowledge of relevant data analytics tools such as ACL / IDEA; SQL or scripting knowledge a plus
• Working knowledge of relevant auditing tools is desirable
• Aptitude for business processes and controls and an understanding of how IT supports and impacts business functions
• Team player with a positive “can do” attitude, willingness to learn new concepts in a fast paced environment, be a self-starter, and accept responsibility to meet deadlines
• Strong verbal and written communication skills

Complexity

The Senior Auditor must be able to work independently, as well as, collaboratively with the internal and external business personnel. The position required the ability to multitask and to work with deadlines and under pressure. The candidate must be able to execute audit procedures/test steps, formalize audit requests, and communicate findings. The Senior Auditor is responsible for the preparation of final work papers. Work papers and reports prepared by the Senior Auditor are reviewed by the Manager of IT Audit. The work papers and findings formalized by the Senior Auditor are presented to the external auditor, and all findings are communicated to Internal Audit and relevant business stakeholders.