Senior Internal Auditor

The SR Internal Auditor (IT) is responsible for executing and, at times, leading assigned information technology audits under the direction of the Internal Audit Manager. This position will participate in audits that include a wide array of technology processes such as cloud migration and operations, information security operations, infrastructure design and management, software development lifecycle, business continuity and disaster recovery planning, etc.

The primary focus of this position will be assisting in the execution of the annual audit plan, including financial audit engagements, such as the integrated audit and SOX (testing of IT General Controls and financial application controls), and other information technology-related operational audits and reviews.

• With general guidance, conduct risk-based audits, including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation, with direction from senior team members.
• Audit engagements will have a strong focus on information technology and information security controls including evaluation of the design and effectiveness of internal controls. Auditor will also focus on the integration of IT and business process risk considerations within the audit process.
• Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.
• Ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.
• Reviews work completed by outsourced resources as needed.
• In coordination with the Internal Audit Manager, evaluate root cause factors for audit testing exceptions and recommend practical solutions that reduce risk and strengthen business process and controls.
• Monitors open audit issues and reviews remediation activities implemented by Management.
• Demonstrate an understanding of IT managed processes, including technology architecture, system build and provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.
• Information security operations, including vulnerability management, penetration testing, centralized log management, customized security monitoring/alerting, threat intelligence practices and security incident response
• Application security, including secure coding practices, segregation of duties and least privileged access concepts
• Integration of business process controls with supporting technologies. Business process workflow documentation, including identification of key risks and the corresponding business and technology controls
• Systems development, project management and change management
• IT and cloud infrastructure design, management and operations
• Business continuity and disaster recovery
• SOX and SSAE
  18/SOC control testing
• Demonstrate strong project management and execution skills, including prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.
• Tailor project approaches based on areas of key risks; critically evaluating audit procedures to maximize the value of each audit project.
• Effectively communicate risks, requirements, audit findings, and recommendations verbally and in writing.
• Collaborate with management and senior leadership to improve internal controls and processes.
• Support Internal Audit’s brand within the company through meaningful relationship building.
• Travel, as needed (