It Auditor

The right candidate will support the IT Audit Manager in assessing financial, operational, and regulatory risks relating to the companys use of information technology, evaluating controls over information systems, and providing control recommendations to IT Management and Internal Audit to reduce risks deemed unacceptable. The Senior IT Auditor analyst demonstrates a thorough understanding of the concepts, terminology, capabilities, and applications of technology, security risks, and control risks associated with various IT architectures.
Essential Duties and Responsibilities

• Assesses IT risks through control auditing practices:
  • Documents IT processes
  • Conducts tests of Sarbanes-Oxley (SOX) IT controls
  • Conducts tests of non-SOX IT controls
  • Documents test activities and results
  • Reports test results to IT management and Internal Audit
• Develops and Implements controls and Risk Management initiatives:
  • Provides control recommendations to IT Management and Internal Audit
  • Develops policy and standards in accordance with IT Governance
  • Designs frameworks and procedures in accordance with IT Strategy
• Subject areas include:
  • IT Risk Assessment
  • IT Security (Logical, Network, Physical)
  • Change Management (Software, Hardware)
  • BCP / Disaster Recovery / Data availability
  • Software Acquisition and Development
  • Sarbanes-Oxley Compliance
  • General Controls and Application Controls

Qualifications
Education and/or Experience

• Bachelor's degree (B. A.) from four-year college or university in Audit, Computer Science, or Management Information Systems
• 3 + years experience in IT Audit or IT Risk Management
• Extensive knowledge of IT controls and best practices
• Extensive knowledge of the IT Governance Institutes Control Objectives for Information and related Technology (COBIT) framework for IT governance
• Extensive knowledge of the Sarbanes-Oxley Act of 2002
• Possess a proven track record in the preparation/development of documentation and testing of internal controls and systems
• Excellent written communication skills
• Excellent relationship management skills
• Ability to communicate effectively with internal management as well as external firms
• Disciplined self starter who can work with minimal supervision
• Familiarity with the IBM AS/400 security environment
• Familiarity with auditing ERP applications
• Preferred:
  • Professional certification (CISA, CIA, CISM) highly preferred
  • Big four experience
  • JDE application testing experience