The IT Audit Associate is expected to have a high degree of independence and autonomy and participates in all stages of the audit process, under the supervision of the head of assignment. The primary responsibilities within the Internal Audit Department include but are not limited to the following:
- Participate in all types of regional or global IT audits, either as dedicated audits of IT functions or as part of integrated audits conducted in conjunction with the business/financial auditors.
- Independently and autonomously participate in the audit process: create a diagnostic matrix with proposed processes and controls for review, identify use cases for data quality testing and relevant sampling strategies, and provide concise and comprehensive debriefing presentations for IGAD management and auditees.
- Ensure that Audit management is informed, on a timely basis, of all significant issues arising from missions and of any event that may have an impact on the company.
- Write clear and impactful findings and audit reports that provide added value to the organization.
- Perform diligent follow-up of audit recommendations and action plans.
- Contribute to the development of risk assessment, internal control evaluations, and other processes necessary to determine areas of risk or weakness that will contribute to the development of the audit plan and strategy.
- Participate in department-wide transformation projects (data analytics, digital transformation, etc.), actively contribute to, communicate, and implement the changes, and support others through the process.
- Maintain a professional and independent image for Internal Audit across the Group.
DIVISION DESCRIPTION:
The Audit Division (IGAD) represents Societe Generale's independent internal audit function, comprised of over 1,200 professionals covering Societe Generale's global business and services in over 150 countries. The SGUS Audit Department (SGIAA) within IGAD is a group of about 70 professionals with diverse backgrounds and subject matter expertise based in the US, Bangalore, and Brazil, responsible for Societe Generale's businesses in the Americas region. Constituting the third line of defense, IGAD conducts independent audits of operational entities in an objective, thorough and impartial manner in line with professional standards. IGAD assesses the compliance of the Group's operations, the effective level of risk exposure and management, the adequate enforcement of procedures and the effectiveness and relevance of the permanent control set-up.
SKILLS AND QUALIFICATIONS:
Required:
- Knowledge of one or more IS/IT areas: governance, projects, developments and SDLC, production, security, risk management, disaster recovery planning, and technical infrastructure components.
- Familiarity with IS/IT processes (incident management, change management, release management, configuration management, etc.)
- Knowledge of IT security concepts, familiarity with vulnerability testing, and awareness of security exploits
- Familiarity with infrastructure components, such as: database management systems (e.g., DB2, SQL Server and Oracle), major computing platforms (Windows NT/2000, UNIX operating systems) and client/server architectures, commonly used systems and applications, web-based technologies, and network components (firewalls, routers, switches, IAPs)
Nice to Have:
- Familiarity with investment banking/financial services business and products considered a plus
- Familiarity with one or more security and control frameworks such as ISO 17799, COBIT, COSO, Common Criteria, FFIEC, etc.
- Familiarity with regulations and statutes such as: GLBA, the California Privacy Bill, or the Volcker Rule / Dodd-Frank Act
- Knowledge of anti-money laundering (AML) systems used for transaction monitoring or sanctions/OFAC screening, and knowledge of payment processing systems.
Education/Prior Experience:
Required:
- Bachelor’s degree in computer science, information systems, information technology or a business discipline.
Nice to have:
- ISACA certifications: CISA (or to be obtained quickly after the recruitment).
- Master’s degree in a business or IS/IT discipline
- Preferred certifications: ITIL, CISM, CISSP, CIA, PMP, Prince2
- Other certifications considered a plus: CGEIT, CNE, MCSE, MCP, CCSP, CCIE, CCNA