IT Auditor

Job Summary:

Provides independent assurance and collaborative advisory services applying a global perspective to support risk management and process improvements. Fosters the ethical climate of the organization in a manner that sustains trust and reinforces the reputation of internal auditing and provides value to the organization. Addresses the key risks faced by the company and supports the requirements of management, the global audit charter, and the charter of the audit committee. Perform comprehensive internal audits that provide impartial objective analyses and recommendations. Reporting to Global IT audit director, the role will help ensure internal controls are appropriately designed and operationally effective. The role provides opportunity to work with audit team members in multiple regions, and to engage with variety of business units, as well as with executive leaders. Global audit department provide ongoing learning opportunities to brush up on the latest trends and skills.

Principal Responsibilities:

• Planning audit field work, including obtaining background information on the function being audited, researching the best practices, understanding of risk and control assessment, defining the audit scope, objectives and execute work programs.
• Performing the audit fieldwork, including documenting work papers, advising management of gaps identified throughout the audit, and working with management to identify solutions to control gaps.
• Writing clear and concise audit reports to executive management to gain commitment of the action plans which mitigate control gaps or ineffective controls, maintaining effective relationships with process owners and second line of defense. Performing timely follow up work to ensure action plans implemented minimizes the risks.
• Researching best practices and evolving technologies to apply as appropriate. Develop and maintain skills necessary to understand and respond to business needs. Able to grasp new concepts quickly.
• Work with global teams, involving multiple time zones. Audit work is generally completed in teams of 1 to 3 auditors.
• Flexibility is required when working with teams in other time zones (e.g., US, Europe, and Asia time zones).

Job Level Specifications:

• Self-starter who excels working with little supervision.
• Work is performed independently requiring judgment and discretion, able to multi-task and prioritize workload.
• Strong verbal and written communication skills, including report development, management reporting, and reporting to audit leadership team.
• Strong analytical and organizational skills. Positive attitude, pro-active and resourceful.    
• Evaluate the adequacy and effectiveness of IT General Controls and IT application controls in accordance with SOX 404 requirements.
• Evaluate the design and operational effectiveness of the PCI DSS requirements.
• Knowledge of one or more IT governance and security standards such as NIST, ISO27001, COBIT, ITIL, GDPR, and CMMC.
• Ability to plan and execute risk-based audits in IT applications, infrastructure, cyber security (e.g., vulnerability management, web security, end-point protection, security event monitoring), cloud infrastructure and applications.

Work Experience:

• 2 to 5 years with bachelor’s or equivalent.
• 2 to 3 years of Big4 or public accounting experience.

Education and Certification(s):

• Bachelor’s degree in computer science, Computer Information Systems or equivalent from which comparable knowledge and job skills can be obtained.
• One or more professional certifications such as CISA, CISM, CRISC, CIA is mandatory.
• Cyber security or cloud technology related certifications such as CISSP, CEH, CCSK, Azure Fundamentals is a plus.   

The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills.