Job Description
Essential Duties and Responsibilities
- Assesses IT risks through control auditing practices:
- Documents IT processes
- Conducts tests of Sarbanes-Oxley (SOX) IT controls
- Conducts tests of non-SOX IT controls
- Documents test activities and results
- Reports test results to IT management and Internal Audit
- Develops and Implements controls and Risk Management initiatives:
- Provides control recommendations to IT Management and Internal Audit
- Develops policy and standards in accordance with IT Governance
- Designs frameworks and procedures in accordance with IT Strategy
- Subject areas include:
- IT Risk Assessment
- IT Security (Logical, Network, Physical)
- Change Management (Software, Hardware)
- BCP / Disaster Recovery / Data availability
- Software Acquisition and Development
- Sarbanes-Oxley Compliance
- General Controls and Application Controls
Qualifications
Education and/or Experience
- Bachelor's degree (B. A.) from four-year college or university in Audit, Computer Science, or Management Information Systems
- 3 + years experience in IT Audit or IT Risk Management
- Extensive knowledge of IT controls and best practices
- Extensive knowledge of the IT Governance Institutes Control Objectives for Information and related Technology (COBIT) framework for IT governance
- Extensive knowledge of the Sarbanes-Oxley Act of 2002
- Possess a proven track record in the preparation/development of documentation and testing of internal controls and systems
- Excellent written communication skills
- Excellent relationship management skills
- Ability to communicate effectively with internal management as well as external firms
- Disciplined self starter who can work with minimal supervision
- Familiarity with the IBM AS/400 security environment
- Familiarity with auditing ERP applications
- Preferred:
- Professional certification (CISA, CIA, CISM) highly preferred
- Big four experience
- JDE application testing experience