Manager, IT Audit

As an NRG employee, we encourage you to take charge of your career and development journey. We invite you to explore exciting opportunities across our businesses. You’ll find that our dynamic work environment provides variety and challenge. Your growth is key to our ongoing success—take the lead in shaping your career development, goals and future!



Job Summary

The Manager, IT Audit, will be responsible for execution of assigned IT SOX testing, IT operational audits, administration of the department audit management system, and development of audit staff. Under direction of the Director, provide an independent and objective opinion on the overall effectiveness and efficiency of the company’s system controls in mitigating business risks to achieve NRG’s strategy and performance objectives.

Provide additional assurance services as requested by the Audit Committee of the Board of Directors or Senior Management.

Essential Duties/Responsibilities

• Perform IT SOX control testing and review, document work papers and issues, system scoping, and coordinate with external auditors.
• Manage the effective and timely execution of IT internal audit projects end to end as assigned from the NRG internal audit plan, including all phases of the audit lifecycle.
• Assist the Director in management, supervision, training, and development of IT audit staff.
• Participate in audit department planning activities including scheduling testing and staffing, budget preparation, risk assessment, and other IT Audit related duties as needed.
• Plan testing activities throughout the year and regularly report on status to Internal Audit management and other stakeholders.
• Maintain a thorough understanding of IIA and ISACA professional auditing standards and best practice audit procedures and techniques.
• Proactively interact with all levels of management to gather information, resolve problems, and make recommendations for process and control improvements.
• Assist department with management of Audit Board, data analytics and AI initiatives, department SharePoint and system access.

• Bachelor’s degree required, with a focus in information systems or computer science preferred, and four or more years of IT Audit or relevant experience.
• Must have extensive knowledge of IT general controls, cyber security, data privacy, IT operations and governance.
• Proficiency in Sarbanes-Oxley compliance, advanced security concepts, emerging technologies, system implementations and project management.
• Excellent, proven communication skills required, ability to work and communicate effectively with all levels of clients including technical and non-technical clients, as well as work with teams cross-functionally.
• Robust qualitative skills, including demonstrated ability to write audit reports with minimal rework, proven ability to handle confidential and sensitive matters, capability to handle multiple assignments, meet deadlines and work under pressure in a fast-paced environment.
• Strong analytical skills and ability to solve problems and consider / develop alternative solutions.
• Motivated to work independently and complete responsibilities with little supervision yet work well and promote team-oriented culture.
• Highly proficient with Microsoft Office applications, audit management systems and other auditing and data analytics tools.
• Demonstrated attention to detail; this is a front-line manager position.
• Demonstrated high degree of ethics and strong sense of business judgment, and able to operate within NRG’s published core values.

• Certification related to IT security or auditing in one or more of the followings is preferred: CISA, CISSP, CISM.
• Experience working within a NERC CIP, PCI, NIST, COBIT, AI, ITIL and / or other leading business and IT controls frameworks.
• Demonstrable hands-on skills or knowledge for various technology areas such as key Information Security Topics (Identity and Access Management, Authentication Services, Dev Sec Ops , Encryption etc.), Operating Systems (UNIX/Linux, Windows), Cloud Technologies (AWS, Azure, Google Cloud, etc.), Networking Technologies (Software Defined Networking, Firewalls, etc.),…