IT Auditor, Infrastructure & Information Security (Leading Insurer)

Holmdel, NJ

Posted: 03/01/2019 Employment Type: Direct Hire Job Category: Audit Job Number: 105
Location(s): Holmdel, NJ or Bethlehem, PA

Job Description and Synthesis
Internal Audit’ s mission is to provide independent and objective assurance and advisory services guided by a philosophy of adding value to improve the operations of our client, its subsidiaries, and affiliated entities.   Internal Audit assists the company in accomplishing its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of governance, risk management, and internal control, while furthering staff development and providing career growth opportunities.

  Building strong relationships and collaborating with various level of Information Technology (IT) management is essential to this role.   This position functions as the key contact between Internal Audit and the assigned IT areas while serving as the audit subject matter expert for those areas.   This role requires a broad understanding of business and IT objectives, functions, and strategies in order to perform ongoing risk evaluations and assist in developing an annual IT audit plan.   This individual will focus on performing high quality, value-add, assurance and advisory services that identify, evaluate and report on complex IT-related risks and controls in accordance with the Institute of Internal Auditors Standards and established methodologies. 

This individual contributor functions as a working IT audit project manager, fully responsible for planning, executing, communicating issues and progress, and reporting audit results, through which the individual will identify meaningful issues about the design and operating effectiveness of controls, and make meaningful recommendations to improve the control environment.   This position also coordinates and provides advisory services and governance, compliance, and investigation support to the IT functions.

Specific Responsibilities
  • Serve as an Audit Liaison and partner to assigned, key IT area(s), which includes establishing and maintaining productive relationships with area management.
  • Oversee all assurance and advisory service projects in assigned IT area(s).
  • Develop and maintain strong IT area expertise; stay abreast of all IT area operational changes and emerging risks; provide subject matter knowledge to the Audit Department.
  • In collaboration with manager, lead and manage the internal audit annual risk assessment process, as well as ongoing risk assessment, for the assigned IT area(s).
  • In collaboration with manager, develop, plan and oversee the annual audit plan for the assigned IT area(s).
  • In collaboration with manager, provide an annual audit opinion on assigned IT area(s).
  • Work independently or, on occasion, with business/operational auditors on related reviews.
  • Lead, manage and execute more complex assurance projects in accordance with established methodologies and professional standards.   This includes:
    • developing an understanding of management’ s objectives and processes
    • using data analysis skills
    • using well-developed data collection skills to acquire an understanding of the process, risks, and controls
    • creating flowcharts, process maps and/or narratives to analyze and evaluate the effectiveness of management' s control design in addressing associated risks, identifying control gaps or potential improvements
    • using strategic and critical thinking to prepare planning memos, set the audit’ s scope and objectives, and determine resource requirements.
    • formulating and executing audit procedures that test those key risks and controls
    • effectively communicating issues and progress, and obtaining management input on solutions
    • lead project related meetings and discussions as well as periodic touch points with key IT area management
    • prepare value-added audit conclusions, presenting findings to both Internal Audit and IT management to proactively manage risk
    • prepare high quality audit reports and other audit documents that comply with the Department’ s methodology, and communicate relevant issues and effective, value-added recommendations, including Overviews for Executive Management
    • manage engagements so that relevant and value-added results are completed on time and within budget
  • Provide oversight and support to other auditors on projects in assigned IT area(s), ensuring audit reports are clear and concise and effectively communicate observations and recommendations for improvement.
  • Partner with a professional assurance services firm, via a co-sourcing service model, to carry out some of the responsibilities of the role.
  • Demonstrate strong influencing skills when communicating with the IT areas and other risk assurance providers aimed to continually improve relationships and enable management to proactively manage risk.
  • Work with other members of the audit team to leverage their skill sets, experience and expertise; provide same.
  • Act as a mentor to less experienced auditors, including Guest Auditors, by training them on Internal Audit processes, as well as  IT areas and related systems, to foster an effective, high performing culture.
  • Monitor all outstanding recommendations and action plans for the assigned IT area(s); prepare status commentary and follow-up testing as needed.
  • Oversee and conduct value-add advisory reviews of projects, IT functions, and processes, as requested.
  • Provide governance, compliance and investigation support when needed.
  • Assist the external auditors and the IT Risk & Compliance team through coordinating and executing direct assistance testing for select assignments. 
  • Work with Internal Audit leadership to continuously improve departmental policies and procedures.
  • Monitor and demonstrate compliance with departmental policies and practices, as evidenced by strong quality assurance results, and strong performance within standards and related metrics.
  • Stay abreast of current issues, standard industry practices, regulations, and obtain continuing education and training.
  • Participate in special projects and perform other duties as requested.
Key Qualifications
  • Requires a minimum experience of 6 years in IT internal/external audit, and/or IT-related functions.
  • Requires experience in auditing infrastructure environments (e.g., operating systems, databases, networks, middleware, virtualization technologies, etc.), cloud technologies (e.g., Amazon Web Services), as well as cybersecurity and information security related subject matters.
  • Data analytics skills, including familiarity with tools (e.g., TeamMate Analytics, ACL, etc.) a strong plus.
  • Experience in the insurance or financial services industry is a strong plus.
  • Highly motivated self-starter, with the ability to work effectively as an independent contributor or team member.
  • Strong interpersonal skills, with the ability to build strong relationships and clearly articulate thoughts and ideas.
  • Ability to collaborate with others, both inside and outside of the department, while working toward common goals and fostering understanding and agreement.
  • Strong written and oral communication skills, with the ability to write clearly and concisely.
  • Strong analytical skills, with the ability to effectively analyze an IT process and assess risks and controls.
  • Strong data collection skills and problem-solving abilities.
  • Ability to identify root causes of process breakdowns.
  • Recognizes broader implications of issues.
  • Strong organizational skills, with the ability to manage concurrent projects and meet deadlines.
  • Demonstrated critical thinking, influential and leadership abilities.
  • Demonstrated knowledge of internal audit standards and leading practices.
  • Knowledge of IT risk assessment tools and methodologies.
  • Ability to multi-task and quickly adapt to changing priorities while working under moderate supervision.
  • Ability to discuss technical issues in general business language.
  • Proven time and project management ability.
  • Proficient in Excel, Word, Visio and PowerPoint.
  • Familiarity with TeamMate a plus.
it audit, technology audit, CISA, CISSP, infrastructure audit

Spencer Knibbe
Managing Partner

Spencer is the Founder and Managing Partner of MBK Search, LLC - an executive search firm that specializes in the governance, risk, compliance, and cybersecurity market space. Prior to founding MBK, Spencer was Head of Operational Risk at Bridgewater Associates. Before moving to Bridgewater, Spencer was the Head of Risk for ICAP, Plc covering the Americas Region. He started his career in venture capital as an investment associate.

Spencer graduated from Harvard University in 2001 and resides in Ridgefield, CT with his wife and two sons.

Send an email reminder to:

Share This Job:

Related Jobs:

Login to save this search and get notified of similar positions.