Senior IT Auditor Specialist

Senior IT Auditor Specialist

Location:

Boston, MA / Charlotte, NC / Milwaukee, WI

As a Senior IT Auditor Specialist at Allspring Global Investments, you will work closely with the Head of Internal Audit IT & Analytics. You will foster a collaborative environment that promotes timely communication and strong cooperation between business and independent risk and compliance teams. You will play a crucial role in enhancing our risk and control culture and implementing sound control management practices.

The hybrid working model requires working in office 4 days per week.

• Conduct comprehensive risk-based IT audits covering IT general controls, application controls, infrastructure, cybersecurity, and technology processes supporting investment and fund operations.
• Assess design and operating effectiveness of controls across systems supporting front-, middle-, and back-office operations.
• Evaluate technology risks related to cloud platforms, data management, automation, and third‑party/vendor relationships, and provide pragmatic recommendations.
• Develop detailed audit work programs, perform walkthroughs, test controls, and document audit results in accordance with IIA standards.
• Communicate audit findings, risk implications, and recommendations to senior management clearly, concisely, and in an actionable manner.
• Monitor and track remediation of audit issues, validating corrective actions and reporting status to leadership as appropriate.
• Collaborate with business, technology, risk, compliance, and external stakeholders within a highly matrixed organization.
• Contribute to continuous improvement of the IT audit methodology, tools, and the use of data analytics or automation where appropriate.
• Collaborate closely with senior leaders across Allspring to develop and implement effective company control strategies.
• Build professional and credible relationships with various functional areas within the business.

• Minimum of 10 years progressive experience in IT audit, technology risk or internal controls, preferably within asset management, financial services or investment management.
• Bachelor’s degree in Information Systems, Accounting, Finance, Computer Science or a related field.
• Strong knowledge of IT general controls, application controls, SDLC, change management, access controls and infrastructure controls across on‑prem and cloud environments.
• Deep or expert knowledge in auditing systems and processes supporting investment operations, portfolio management, trading, valuation, fund accounting and financial reporting.
• Proven ability to assess risks associated with emerging technologies, including cloud platforms (AWS/Azure), data analytics, automation and third‑party/vendor risk.
• Professional certification(s) required or strongly preferred (e.g., CISA, CIA, CISSP) with commitment to ongoing continuing education.
• Hands‑on familiarity with regulatory and compliance frameworks relevant to asset management (e.g., SOX, SOC 1/2, SEC regulations, NIST, COBIT, ISO 27001).
• Excellent written and verbal communication, presentation and time‑management skills, and the ability to thrive in a fast‑paced environment and consistently deliver results to senior management and key stakeholders.
• Strong project management, analytical and judgment skills, with the ability to work independently, prioritize competing deadlines and lead audit engagements end‑to‑end.

• Master’s degree in business administration or a related field, or equivalent experience.
• Prior experience auditing asset management, investment management, private equity or wealth management environments.
• Exposure to front, middle and back office systems (e.g., OMS, PMS, trading platforms, fund accounting, risk, valuation).
• Experience supporting SOX, SOC 1/SOC 2 reliance or regulatory examinations (e.g., SEC, FINRA) within a financial services environment.
• Proficiency in data/predictive analytics, continuous auditing techniques, audit automation or visualization tools (e.g., ACL, Python, Power BI, SQL).
• Experience evaluating cybersecurity, cloud security or technology risk management programs in mature control…