Are you passionate about working in a complex IT environment where security and data privacy are a primary focus of the business model? Do you want to be a part of a dynamic, complex and recession-proof environment working alongside top-notch IT professionals? Do you want to join an established and well-respected internal audit team that adds value to the organization and is deemed the business’ trusted controls and compliance advisor? Are you available to be onsite (in Miami) and be mentored by VPs and Chief Executives? If you answer yes, then continue reading...
About the Position
Our client, an investment management firm focused on investments in mortgages and consumer credit, is seeking Senior IT GRC Auditor(s) to join their internal audit team. The ideal candidate will have strong experience with cybersecurity frameworks (NIST, ISO 27001, FFIEC CAT), compliance (NY DFS), data privacy, process automation, cloud security and data analytics software (i.e. ACL). Effective communication, critical thinking, and analytical skills are vital to this position. This role will be responsible for managing and conducting IT audits, assessing IT security controls, ensuring compliance and enhancing the organization’s security posture.
This position requires a highly analytical, detail-oriented professional with experience identifying risks, evaluating controls, and providing strategic audit recommendations to senior management.
What You’ll Do:
- Assist with Annual Risk Assessment & Audit Planning
  - Attend interviews with Senior Management to discuss topics such as significant changes (people, processes, systems), strategic objectives, risks, and recommended audit focus.
  - Assist in the annual risk assessment based on established methodology to determine audit priority
  - Estimate the level of effort for each project by working with the team to identify the risks, scope, testing procedures and deliverables.
- Audit Execution – Planning
  - Reviews the audit objectives and risks and works with the team to identify the detailed audit testing procedures
  - Holds preliminary scoping meetings with the department head(s) stakeholders and determines the best path to test the audit objectives while addressing the key risks
  - Estimates the level of effort to perform the audit and ensures the audit timeline is within the allocated annual budget timeframe
- Audit Execution – Risk & Control Evaluation
  - Develops risk and control matrices to evaluate the design of key internal controls.
  - Develops Audit Program and detailed fieldwork steps.
  - Develops the auditee request for information (RFI).
  - Leads the day-to-day audit procedures, performs detailed control testing procedures and documents test results. Assesses the results of the test plans and provides audit recommendations in the detailed audit report.
- Audit Execution – Reporting
  - Independently identifies meaningful control gaps and develops recommendations that promote continuous improvement in risk management capabilities and the internal control environment.
  - Develops well-written audit reports that include a clear and concise summary of the scope of work performed, conclusions reached, and recommended control improvements noted.
- Audit Methodology & Tools
  - Performs work consistent with the Company’s Internal Audit Procedures and the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF).
  - Contributes to ongoing improvements in internal audit methodology.
- Project Management, Communication, & Reporting
  - Independently leads meetings to gather process understanding, provide audit status updates, and communicate audit results.
- Team & Personnel Development
  - Pursues career development opportunities, including relevant training, professional certifications, and/or association memberships. Shares information gained with co-workers.
  - Maintains all organizational and professional ethical standards, including consistently upholding all Company Tenets (humility, accountability, responsibility, creativity, awareness, suitability, reliability, diversity, integrity, fun, balance, and communication).
- Other duties as needed or required.
What you Need to Get Hired:
- 3-5 years of experience working with IT internal audit, risk and/or IT departments and performing readiness assessments or audits of business and IT functions, working in an IT GRC Compliance function for a large-scale organization, preferred
- Experience performing IT framework audits and IT risk assessments (e.g. NIST, ISO 27001, FFIEC CAT), compliance (NY DFS), data privacy, process automation, cloud security and data analytics software (i.e. ACL)
- Experience in Audit Execution, Methodology, & Tools
  - Knowledge of, and ability to consistently apply, internal auditing principles and practices.
  - Skilled in critically evaluating processes, risks, and controls.
  - Demonstrates proficiency in documenting processes, risks, and controls in narratives, flowcharts, and workpapers.
  - Moderate/Advanced Microsoft Excel abilities, including ability to perform data analysis using pivot tables, formulas, or macros. Working knowledge of other Microsoft Office applications (Word, PowerPoint, Visio).
  - Data analytics software (i.e. ACL, Alteryx).
  - Robotic process automation (i.e. UiPath).
  - Artificial Intelligence (AI).
  - Machine learning software.
  - Enterprise audit-management software (i.e. AuditBoard)
- Project Management, Communication, & Reporting
  - Able to leverage appropriate project management tools to monitor audit execution/timelines and provide transparent status updates to audit management.
  - Capable of balancing multiple projects simultaneously through effective prioritization and multi-tasking skills.
  - Skilled collaborator capable of effective interaction, negotiation, and problem resolution with audit and business personnel.
  - Effectively able to lead meetings with team members and auditees and conduct process interviews/walkthroughs with business owners to gather needed information.
  - Demonstrates effective business acumen and judgment that is recognized by audit and business managers.
  - Able to develop, present, and assist in “selling” control improvement opportunities and business advice.
  - Demonstrates proficiency in clearly and concisely documenting audit results in workpapers, memos, and audit reports.
- Team & Personnel Development
  - Displays a strong work ethic.
  - Ability to lead and motivate audit staff and be a “team player.”
  - Experience working in, or adequate knowledge of, industries that include asset management, lending, and/or mortgage servicing a plus.
  - Continually builds knowledge of the business and actively expands capabilities through research and focused training. Stays informed of new developments
Education and professional credentials
- Bachelor's degree (in Management Information Systems, Information Technology, Computer Science, Accounting, Business Administration).
Preferred:
- “Big 4” IT Audit experience in financial services, preferred
- Certification as CISA, CISSP, and/or CISM – or commitment to obtaining an appropriate professional certification
- Familiarity with the following Institute of Internal Audit Standards (IIA)
3 - 5+ years of progressive Internal Audit leadership experience in a complex technology environment (Experience within IT Operations and/or IT Leadership roles within Infrastructure, Security, Application development considered a plus).
Travel Requirements
PHYSICAL DEMANDS AND WORK ENVIRONMENT:
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to handle, touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise level in the work environment is usually moderate. The employee is occasionally required to stand; walk; reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, color vision, and the ability to adjust focus.