Audit; IT Manager
Listed on 2026-07-01
-
IT/Tech
IT Business Analyst, Cybersecurity
Location: New York
Hours of Work
9:00 am - 5:30 pm (7.5 hours/day) or as required.
DescriptionJob Title: Audit (IT) Manager
Dept/Div: Audit Services
Supervisor: Assistant Auditor General
Work Location: 2 Broadway, New York, NY 10004
Full/Part-Time: Full
Salary: $125,053
Deadline: Until filled
Position eligible for telework – one day per week. New hires may apply 30 days after effective date of hire.
The Metropolitan Transportation Authority (MTA) is North America's largest transportation network, serving a population of 15.3 million people in the New York City area and surrounding regions. The MTA network includes the nation’s largest bus fleet and more subway and commuter rail cars than all other U.S. transit systems combined. MTA strives to provide a safe and reliable commute, excellent customer service, and rewarding opportunities.
Job SummaryLead risk‑based IT audits, plan and execute audits covering general controls, application controls, cybersecurity, cloud (IaaS/PaaS/SaaS), identity and access management, network and endpoint security, databases, and data governance. Assist and support the Director/Assistant Auditor General in performing duties and act on the Director’s behalf in the Director’s absence. Coach and develop audit staff as required.
Responsibilities- Lead risk‑based IT audits: develop plans, execute audits, and manage delivery of findings.
- Audit Planning & Scoping: develop risk‑based engagement‑level audit plans, define objectives and scope, perform preliminary risk assessments, and establish detailed testing programs.
- Control Testing & Analytics: design and perform control tests using appropriate sampling and data analytics (ACL, IDEA, SQL, Python) to increase coverage, depth, and efficiency.
- Frameworks & Compliance: assess control maturity against NIST, COBIT, ISO 27001, ITIL, and relevant regulatory requirements.
- Cloud & ERP Focus: evaluate controls in major systems (AWS/Azure, enterprise applications/ERPs) including change management, configuration, interfaces, and data integrity.
- Cyber & Third‑Party Risk: perform audits of cybersecurity controls, incident response, vulnerability/patch management, and third‑party/vendor risk.
- Issue Management: identify root causes, quantify impact, recommend remediation, track action plans, and timely closure; escalates risks appropriately.
- Reporting & Communication: draft clear and concise audit reports; present findings to IT, business leaders, senior management, and board‑level committees.
- Stakeholder Engagement: build collaborative relationships with key stakeholders from IT, Legal, and other agency leadership; translate complex technical issues into business terms.
- Quality & Standards: ensure audits comply with the IIA’s IPPF and internal methodologies; contribute to methodology updates and audit tool optimization.
- Team Leadership: supervise auditors; provide coaching, on‑the‑job training, performance feedback, and foster continuous improvement.
- Continuous Auditing/Monitoring: implement continuous auditing and data‑driven risk indicators to proactively detect anomalies.
- Other duties as assigned.
- Compliance with policies and standards.
- Work outside regular hours as required.
- Observe contractors’ work, review invoices, and address contractor performance issues where applicable.
- Escalate issues to other parties when needed.
- Demonstrated ability to work with all levels of the organization.
- Excellent analytical and business judgment skills.
- Proven ability to manage multiple projects simultaneously in a fast‑paced environment.
- Understanding of professional audit practices, including audit program and workpaper development.
- Excellent communication and interpersonal skills.
Education and Experience
- Bachelor’s Degree in Arts/Sciences (BA/BS) Accounting, Business Administration, Computer Science, Information Technology, or a related field; an equivalent combination of education and experience may be considered in lieu of a degree.
- Minimum 8 years of satisfactory full‑time experience conducting IT audits in internal audit, public accounting/consulting, or a similar role within a complex organization.
- Strong knowledge of IT general…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).