Senior IT Auditor

Job Description and Requirements

The Senior IT Auditor will lead Information Technology (IT) engagements using a consultative approach designed to add value and improve the Credit Union's operations. They will assess risk exposure and recommend enhancements to IT business systems, processes, and controls to facilitate compliance with all applicable internal policies and procedures, insurance and vendor agreements, state and federal regulations, safety, and soundness considerations, as well as improve the effectiveness of risk management, control, and governance processes. In addition, will perform duties in a manner which enhances the image and promotes department and Credit Union growth.

Essential Functions and Responsibilities:

• Independently plan and perform IT audit engagements using a risk-based, consultative approach designed to include an understanding of business impacts, add value and improve operations.

• Lead planning and development of assigned audit programs designed to test the effectiveness and efficiency of key controls in mitigating IT risks; assist in facilitating IT audits/projects completed by external parties in support of executing the IT audit plan or to incorporate technical expertise when needed.

• Plan appropriately and exhibit effective time management for executing multiple and concurrent audit projects to achieve the scope, objective, and target deadline of each assignment.

• Conduct fact finding interviews with management to identify control weaknesses and opportunities for improvement in the current operating environment.

• Communicate findings with business unit management with the ability to resolve conflicts in a professional and effective manner, and actively seek discussions with department level managers to promote strong internal/external departmental relationships.

• Prepare audit reports that accurately summarize the most significant control weaknesses and resulting impacts to the organization to be reviewed by Audit management.

• Conduct follow-up activities to ensure risks are mitigated to an acceptable level based upon the organization’s risk appetite.

• Attend project and committee meetings as needed as a representative of Audit.

• Consistently exercise strong judgment and critical thinking including making informed and key decisions.

• All other duties as assigned (note: essential functions and responsibilities may change or new ones may be assigned at any time with or without notice).

Requirements:

• Associates Degree in Information Technology, Business, or Accounting

• Minimum of 4 years experience in IT Audit or Information Technology; including experience with IT control analysis and development, IT risk assessment, information security and technology risk management, and an understanding of financial institutions (management experience is a plus to oversee any staff assisting with IT audits/projects)

• Solid knowledge and experience with applications and products, such as Windows AD,UNIX/AIX/Linux, Oracle/SQL Databases, etc.

• Thorough understanding of IT and Information Security standards and governance (NIST, ISO, COBIT, COSO, FFIEC, NCUA, CIS Top 20 Critical Security Controls), data center operations, application security, SDLC and CM process, IT infrastructure management, network architecture, TCP/IP

Skills, Certifications, or Licensing:

• Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) or Certified Internal Auditor (CIA) is a plus

• Proficient in Microsoft Office products and Adobe Professional including ability to research, learn, and apply features not previously utilized

• Utilize data analytic skills including knowledge on developing and implementing CAATs, such as, Audit Command Language (ACL), Monarch, Microsoft Access/Excel, or SQL

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.