Technology (IT) Auditor # 099581
Technology Auditors are responsible for planning, performing and reporting the results of IT audit work using the Internal Audit team's risk-based audit approach. Work is performed under the direction of Technology Audit Managers, often in other IA locations, in close collaboration with other audit team members, including Financial audit, as part of an integrated audit approach, and may include individual or multiple auditor assignments.
- Comprehensive risk assessment and engagement planning. This entails:
  - Providing technical leadership regarding assessments of the Bank's IT environment, including knowledge of IT control frameworks, key IT processes, relevant technologies, and design of IT audit control assurance tests. Support the development of technical subject matter expertise among others in the department.
  - Obtaining an in-depth understanding of each business and/or function being audited.
  - The identification and assessment of technology risks (including understanding the manner in which such risks are controlled and the audit approach required to ensure controls are appropriately designed and operating effectively); and
  - Preparing documentation (work papers, planning documentation) that reflects the aforementioned information and assessments.
- Executing audit work. This encompasses the execution of the planned approach for the audit in a team-based environment, interacting closely with various levels of people throughout the Bank. In this regard, the auditor will execute IT control reviews, including assessments of IT infrastructure, systems security, system development practices, change and incident management processes, availability and recovery, and operational support procedures. This may entail audits covering various technology platforms (e.g., hosting, e-commerce, cloud, networking, computer security, etc.), as well as business applications in an integrated manner with business auditors. Audit also periodically conducts thematic regional or global reviews to address key risk areas, which include special reviews mandated by the Audit Committee and/or Executive Board.
- Developing, presenting and finalizing audit reports. This process entails the initial drafting of the report, discussion with management to confirm the factual accuracy, clearance, and coordination to obtain written responses to Audit's recommendations.
- Mentoring new hires to aid in their acclimation to the Bank and the manner in which the Department operates.
- Committing to and championing remote audit standard methodologies.
- Participating in the recruitment of other Technology Auditors.
- Supervising less experienced Auditors on multiple auditor assignments.
- Performing administrative duties as they relate to key responsibilities and participating in special projects as delegated by Department Management.
- Developing and maintaining relationships with Bank Staff and Management to facilitate active assessment of the Bank's risk profile and career development.
- Assessing personal development needs (e.g., training) in conjunction with Department Management.
- Undergraduate degree in Computer Science, Engineering, MIS, Accounting, Business Administration or related areas (Master's degree or equivalent a plus).
- At least 5 years of related work experience in a technology audit or IT risk role; financial services experience preferred, but not required.
- Technical knowledge of cybersecurity risks and controls, as well as several of the following technologies: network devices, operating systems, databases, storage technologies, firewalls, intrusion detection/prevention systems, messaging systems, web application technologies, mobile platforms, DLP tools, cloud computing, etc.
- CISA, CISM, or CISSP certification or equivalent is a plus.
- Excellent communication and social skills.
- Outstanding organizational, time and project management skills.
- Ability to work independently and within a team environment.
- Willingness to travel (estimated at 10-15% annually).
- Highly motivated, proactive and results-oriented professional.
- Knowledge of emerging IT risks.