Senior Associate, IT and Security Internal Audit

Responsibilities:

• Plan and carry out internal audits in the Technology and Security domains, ensuring compliance with professional standards, company policies, and regulatory requirements. This involves conducting control testing, identifying issues, and drafting reports.
• Monitor internal audit issues from identification through to resolution, verifying remedial actions to close issues.
• Assess strategies to streamline audit approaches and methodologies, enhance control testing activities, and bolster risk monitoring.
• Collaborate with the Risk, Compliance, and Security GRC departments on control testing initiatives and the maintenance of the process, risk, and control library.
• Establish rapport with process owners and stakeholders to implement meaningful enhancements based on issues identified during internal audits or process development, while upholding the independence of the 3rd Line of Defense.
• Take part in the annual internal audit risk assessment process, including rating risk levels and documenting them.

Qualifications:

• Over 4 years of experience in internal audit, risk management, or controls roles, preferably from a Big 4 consulting firm, or other technology, financial services, or FinTech organizations.
• Proficiency in auditing Technology and Security-related controls following standard frameworks such as ISO 27001, NIST, PCI, COBIT, ITIL, FFIEC.
• Previous involvement in identifying controls, documenting control descriptions, and conducting control testing. Experience in DevOps and agile environments is advantageous.
• Adaptability in a fast-paced environment and willingness to adjust plans when priorities or project scopes shift.
• Effective communication skills with process owners and stakeholders regarding internal audit expectations and findings impacting their business lines.
• Strong written communication abilities, including creating control testing workpapers and reporting identified issues.
• Demonstrated capability to adhere to audit budgets and timelines, and to recognize and escalate issues affecting audit progress.
• Exceptional organizational skills and ability to manage time across various activities while prioritizing areas with the highest impact.
• Bachelors degree in Information Systems, Cybersecurity, Computer Science, Software Engineering, Accounting, Finance, Risk Management, or related fields, or equivalent work experience.
• Proficiency in using G Suite and audit workpaper management software.