IT Audit & Risk Manager (Leading Insurer)

New York, NY

Posted: 05/14/2019 Employment Type: Direct Hire Job Category: Audit Job Number: #106

Location(s): New York, NY, Holmdel, NJ, or Bethlehem, PA

Job Description and Synthesis
Internal Audit’s mission is to provide independent and objective assurance and advisory services guided by a philosophy of adding value to improve the operations of our client, its subsidiaries, and affiliated entities.  Internal Audit assists the company in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance, risk management, and internal control while furthering staff development and providing career growth opportunities.

 This position will assist the Head of IT Audit in actively managing and maintaining the activities of a diverse, seasoned, professional IT audit staff.  This includes supervising assurance and advisory projects carried out to enhance the enterprise IT control environment and add value to the Company.  Activities include planning and executing audits, communicating issues and progress, and reporting audit results.  The job requires a highly efficient and effective individual to review, evaluate, and report on complex IT-related risks and controls in accordance with the Institute of Internal Auditors Standards and established methodologies.  This individual will also perform high quality, value-add, assurance and attestation services that identify, evaluate and report on complex IT-related risks. 

This individual must have excellent communication skills, be detail-oriented, and provide thought leadership on IT risk management and controls. This includes providing governance, compliance, and investigation support along with other advisory services.  Building strong relationships and collaborating with IT senior management is essential to this role.  This position functions as the key contact between Internal Audit and the IT organization, serves as an audit subject matter resource for IT, and provides an annual audit opinion.  This role requires a broad understanding of business and IT objectives, functions and strategies to perform ongoing IT risk evaluations and develop an annual IT audit plan.

Specific Responsibilities

  • Administer and support evaluation of IT-related risks and assist in preparing an annual IT Audit Plan and audit schedule. Stay abreast of the risk and compliance landscape. Maintain and update these documents throughout the year as the risk and resource factors change.
  • Lead, manage and execute complex IT assurance projects in accordance with established methodologies and professional standards.  This includes:
    • developing an understanding of IT management’s objectives and processes.
    • using strong data analysis skills.
    • using well-developed data collection skills to acquire an understanding of IT processes, risks, and controls.
    • creating keenly focused narratives to analyze and evaluate the effectiveness of management's control design in addressing associated risks, identifying control gaps or potential improvements.
    • using strategic and critical thinking to prepare planning memos, set the audit’s scope and objectives, and determine resource requirements.
    • formulating and executing audit procedures that test those key risks and controls.
    • effectively communicating issues and progress, and obtaining management input on solutions.
    • leading project-related meetings and discussions as well as periodic touch points with key IT area management.
    • preparing value-added audit conclusions and presenting findings to both Internal Audit and IT senior management to proactively manage risk.
    • preparing high-quality audit reports and other audit documents that comply with the Department’s methodology, and communicating relevant issues and effective, value-added recommendations, including Overviews for Executive Management.
    • managing engagements so that relevant and value-added results are completed on time and within budget.
  • Provide leadership, direction, and support to other auditors on IT audits.  Ensure staff is properly focused on business and IT objectives and the associated risks and controls, and effectively allocate resources to ensure the successful completion of the plan. Maintain effective project controls for each audit project as required by professional standards.
  • Effectively communicate results. This includes preparing clear and concise reports of observations and recommendations for audit and all levels of management.
  • Monitor all outstanding recommendations and action plans for IT; prepare status commentary and ensure follow-up testing is performed as needed.
  • Perform timely and comprehensive work paper reviews to determine whether the work is accurate and complete, satisfies the audit objective, and complies with department guidelines; provide constructive feedback to the preparer.
  • Document performance appraisals of other auditors and hold performance review discussions.
  • Oversee or perform the duties of an IT Client Service Representative (CSR).  Establish and maintain effective relationships with IT management and become aware of any issues, new regulations or partnering opportunities. Review and issue all drafts and reports for IT and perform follow-ups of outstanding audit recommendations.
  • Demonstrate strong influencing skills when communicating with IT senior management and other risk assurance providers, with the aim of continually improving relationships and enabling management to proactively manage risk.
  • Develop and maintain strong IT area expertise; stay abreast of all IT area operational changes and emerging risks; provide subject matter knowledge to the Audit Department.
  • Work with other members of the audit team to leverage their skill sets, experiences, and expertise; provide the same.
  • Provide an annual audit opinion on the IT organization.
  • Manage three to five direct reports. 

Key Qualifications

  • Minimum of 12 years’ experience in IT internal audit, IT external audit and/or IT-related functions.
  • Experience in auditing infrastructure environments (e.g., operating systems, databases, networks, middleware, virtualization technologies, etc.), cybersecurity and information security is a strong plus.
  • Experience in auditing emerging technologies, including Amazon Web Services’ (AWS) platforms and tools, is a strong plus.
  • Data analytics skills, including familiarity with tools (e.g., TeamMate Analytics, ACL, etc.), are a strong plus.
  • Expertise with IT risk assessment tools and methodologies and conducting IT risk assessments.
  • Strong analytical skills, with the ability to effectively analyze an IT process and assess risks and controls.
  • Strong written and oral communication skills, with the ability to write clearly and concisely.
  • Detail-oriented.
  • Strong organizational skills, with the ability to manage concurrent projects and meet deadlines.
  • Innovative.
  • Highly motivated self-starter, with the ability to work effectively as an independent contributor or team member.
  • Strong interpersonal skills, with the ability to build strong relationships and clearly articulate thoughts and ideas.
  • Ability to collaborate with others, both inside and outside of the department, while working toward common goals and fostering understanding and agreement.
  • Proven ability to identify root causes of process breakdowns.
  • Demonstrated critical thinking, influencing, and leadership abilities.
  • Demonstrated knowledge of internal audit standards and leading practices.
  • Ability to multi-task and quickly adapt to changing priorities while working under minimal supervision.
  • Proven ability to discuss technical issues in general business language.
  • Proven time and project management ability.
  • Experience in the insurance or financial services industry is strongly desired.
  • Proficient in Excel, Word, and PowerPoint.
  • Familiarity with TeamMate is a plus.
  • Bachelor’s degree required (Information Systems, Computer Science, or other IT-related degree is a strong plus).
  • Professional accreditations (CPA, CIA, CFE, CISA, etc.), licenses, or designations are required.

Spencer Knibbe
Managing Partner

Spencer is the Founder and Managing Partner of MBK Search, LLC - an executive search firm that specializes in the governance, risk, compliance, and cybersecurity market space. Prior to founding MBK, Spencer was Head of Operational Risk at Bridgewater Associates. Before moving to Bridgewater, Spencer was the Head of Risk for ICAP, Plc covering the Americas Region. He started his career in venture capital as an investment associate.

Spencer graduated from Harvard University in 2001 and resides in Ridgefield, CT with his wife and two sons.
