General Information
Description and Requirements
Virtual within a commutable distance of Cary NC or living on the East coast.
Role Value Proposition:
Internal Audit (IA) is an independent global organization that plays an important role in partnering with the business to ensure that management anticipates, recognizes, and appropriately manages risks. We protect MetLife and our stakeholders through meaningful independent assurance and advice, while advocating for risk management and internal controls.
Audit reviews may be conducted in specialized areas, such as cybersecurity, IT risk management, enterprise architecture, applications, infrastructure, and vendor management, requiring specific knowledge pertaining to the areas, policies or regulations being audited.
We’re looking for an experienced Senior IT Auditor that’s excited to be part of a dynamic and highly collaborative team. Someone that is comfortable sharing their ideas and is passionate about building client relationships and delivering high quality impactful results to stakeholders.
Key Responsibilities:
Auditing
- Lead walkthroughs of technology governance, processes, controls, and platforms and tools, to ensure compliance with MetLife Policy, use of compliant best practices, procedural efficiency, and accuracy.
- Contribute to and prepare reports of audit findings for the IA Plan Owner/Sub-Function Leader. Assess and propose recommendations on management’s remediation activities and shares insights regarding potential solutions.
- Be aware of and understand the IT audit universe at a high level and how the audit projects align with and impact the risk assessments.
- Efficiently execute and document audit and issue remediation testing and document findings in the audit system.
- Prepare audit deliverables that meet departmental and professional standards of quality.
- Develop experience and auditing skills to cover a broad range of risks, including IT and business processes, technology, and data.
Project Management
- Participate in projects, completing assigned tasks and responsibilities within budget and agreed timelines.
- Communicate timely and appropriately with identified stakeholders within IA and business management. Exercise quick escalation to resolve project barriers and challenges.
Relationship Management
- Interface with auditees to request and organize evidence during audit work and track follow ups and outstanding/unresolved items.
- Consult with clients in developing action plans to resolve control issues or risks
- Maintain a positive working relationship with fellow auditors and auditees, sustaining ongoing relationships with key business contacts.
Essential Business Experience and Technical Skills:
- At least three (3) years IT internal audit, external audit, controls assessment, or security assessment experience.
- Strong written and verbal communications skills, including listening and interviewing skills.
- Possesses fundamental understanding of: IT general controls (e.g., security, change management, disaster recovery & backup, infrastructure, etc.); SDLC/Agile methodologies, cybersecurity, and cloud.
- Possesses awareness of operating system and database platforms (e.g., mainframe, Active Directory, Windows, Linux, Oracle, etc.); network architecture; IT governance processes; IT risk management and assessment processes.
- Possesses fundamental understanding of professional audit and control frameworks such as IIA, COBIT, NIST, SOX, and PCI DSS v3.
- Possesses general understanding of auditing practices including risk assessment, performing walkthroughs, sampling and testing methodologies, and analysis of results for potential exceptions/issues.
- Leverage access to data and analytics tools to analyze populations of data of basic to moderate complexity. Assess the results of analytics performed to draw control conclusions and identify areas of risk requiring additional research.
Preferred Business Experience and Technical Skills:
- Bachelor’s degree.
- Financial service industry experience.
- Working toward or willing to work toward CISA, CIA, or CISSP certification.
- Information Security, Network/Cybersecurity, or equivalent IT/Network Management experience.
This role is also eligible for annual short-term incentive compensation. MetLife offers a comprehensive benefits program, including healthcare benefits, life insurance, retirement benefits, parental leave, legal plan services and paid time off. All incentives and benefits are subject to the applicable plan terms.
Equal Employment Opportunity/Disability/Veterans
MetLife maintains a drug-free workplace.