IT Audit Manager

Let’s be #BrilliantTogether

The ISS STOXX Internal Audit department is seeking an experienced Information Technology (IT) Audit Manager to join the team.

Reporting to the Head of Internal Audit, this role will contribute to both the strategic direction and day-to-day execution of the Internal Audit function. The IT Audit Manager will play a key role in planning, managing, and executing IT and cybersecurity-related audit engagements, including developing audit strategies, designing work programs, testing controls, preparing reports, and following up on action plans to address audit findings.

This position will also take the lead in driving technological advancements within the Internal Audit function, such as incorporating data analytics into audit methodologies and improving efficiency. The ideal candidate will have extensive audit experience, a strong understanding of IT processes and controls, and working knowledge of relevant IT frameworks.

Additionally, the IT Audit Manager is expected to demonstrate flexibility and a collaborative mindset, supporting broader audit work across operational, compliance, and financial areas, as well as contributing to special projects as assigned. Professionalism, strong communication skills, and a proactive approach to problem-solving are essential for success in this role.

Responsibilities

• Manage the IT audit process and review of the overall information technology operations, including cyber security

• Design and successfully execute IT audit reviews by developing engagement audit strategy and approach, crafting work programs and procedures, conducting actual testing, communicating audit results, and following up on finding corrective action plans

• Effectively communicate audit issues and related recommendations in both technical and non-technical terms to auditees and Senior Management

• Participate in annual audit planning and risk assessment process through development of audit universe, collaboration with auditees to understand IT environment, and assessment of associated risks

• Advise and collaborate with key stakeholders regarding IT Risk, Cyber security, Compliance, internal controls, and process improvement opportunities

• Supervise and manage other internal auditors

• Spearhead any initiatives on technological advancement and efficiencies within the Internal Audit function (e.g., Data Analytics) and develop capabilities of the team in the use of these tools

• Serve as knowledge resource of IA team on technology. Ensure the transfer of knowledge and development of other team members including maintaining awareness of changes in IT industry

• Participate in non-IT Audit reviews (e.g., Operational, Compliance, and Financial audits) as necessary to provide IT-specific expertise

• Perform special projects and other duties as assigned

Required Qualifications

• Bachelor’s degree in Information Systems / Information Security / Computer Science / Accountancy / Finance or related field (Advanced education degree a plus)

• At least 8 years of work experience in IT audit or other relevant experience

• Experience with non-IT process reviews and/or integrated audits

• Strong working knowledge of the following IT-related processes: a) IT General Controls; b) Cyber/ Information Security and Data Privacy; c) IT Operations; d) IT Governance and risk management process; e) Business Continuity Management; f) Systems Development Life Cycle; g) Change Management; h) IT Application Controls; i) Cloud-related technology processes

• Strong familiarity with IT control frameworks and standards such as COBIT, ITIL, NIST-CSF, and ISO 27001

• Proven ability to identify IT and information security risks in complex technology environment and recommend  controls to mitigate the risks

• Strong project management skills with proven ability to effectively manage time, prioritize, and handle multiple concurrent tasks

• Experience supervising and managing less experienced auditors

• Excellent English written and verbal communication skills (German language skills are a plus)

• Proficient in MS Office suite

Preferred Qualifications

• Professional certification in IT audit, IT risk and governance, and/or Information Security (e.g., CISA/ CISSP/ COBIT5/ ISO 27001 Lead Auditor/ CRISC)

• CPA/CIA certifications are a plus

• Audit experience in Financial Services industry (global firm or shared service set-up)

• External or Internal audit firm experience in Risk/ IT Advisory services

• Working knowledge of SOC1, SOC2 and/or data privacy reviews

• Experience in development, integration, and application of data analytics in audit methodology

• Experience in annual audit planning and risk assessment exercise

• Highly proficient in Excel, knowledgeable in the use of audit analytics tools (ACL/ IDEA/ Power BI/Tableau) and other internal audit tools

#LI-RH1 #STOXX #MIDSENIOR #IT

What you can expect from us

Our people are the moving force behind ISS STOXX. We are dedicated to hiring the best, most talented people in our industry and empowering them with the resources and support to enhance their career, health, financial and personal well-being. 

We are committed to fostering, cultivating, and preserving a culture of diversity and inclusion. We are invested in our people and are working every day to ensure a diverse, equitable, and inclusive workplace.

Let’s empower, collaborate, and inspire one another. 

Let’s be #BrilliantTogether.

About ISS STOXX

ISS STOXX GmbH is a leading provider of research and technology solutions for the financial market. Established in 1985, we offer top-notch benchmark and custom indices globally, helping clients identify investment opportunities and manage portfolio risks. Our services cover corporate governance, sustainability, cyber risk, and fund intelligence. Majority-owned by Deutsche Börse Group, ISS STOXX has over 3,400 professionals in 33 locations worldwide, serving around 6,400 clients, including institutional investors and companies focused on ESG, cyber, and governance risk. Clients trust our expertise to make informed decisions for their stakeholders' benefit. 

Visit our website: https://www.issgovernance.com       

View additional open roles: https://www.issgovernance.com/join-the-iss-team/      

Institutional Shareholder Services (“ISS”) is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. It is our policy to prohibit discrimination or harassment against any applicant or employee on the basis of race, color, ethnicity, creed, religion, sex, age, height, weight, citizenship status, national origin, social origin, sexual orientation, gender identity or gender expression, pregnancy status, marital status, familial status, mental or physical disability, veteran status, military service or status, genetic information, or any other characteristic protected by law (referred to as “protected status”).  All activities including, but not limited to, recruiting and hiring, recruitment advertising, promotions, performance appraisals, training, job assignments, compensation, demotions, transfers, terminations (including layoffs), benefits, and other terms, conditions, and privileges of employment, are and will be administered on a non-discriminatory basis, consistent with all applicable federal, state, and local requirements.