IT Auditor

Remote: Full Remote

Offer summary

Qualifications:

  • Familiarity with CIS, SOC 2, NIST CSF.
  • Experience with IT GRC/IRM platforms.
  • Understanding of cloud service providers.
  • Strong communication and interpersonal skills.

Key responsibilities:

  • Conduct compliance testing and controls evaluation.
  • Document audits, findings, and recommendations.

New American Funding

Job description

Overview:

Position Summary:

The IT Auditor will help New American Funding (NAF) achieve its business objectives by bringing a systematic and disciplined approach to evaluating the effectiveness of NAF’s governance, risk management, compliance, and control practices. We are seeking an IT Audit professional for a newly created position to conduct controls testing internally as well as respond to external IT audits. The IT Auditor will report to the Sr. Director of Cybersecurity Services under the SVP of Technology Services and Chief Information Security Officer.

Responsibilities:

Duties and Responsibilities:

  • Compliance Testing: Conduct detailed IT testing to ensure compliance with required regulations. This includes testing IT controls and identifying deficiencies or weaknesses.
  • Audit Planning and Execution: Collaborating with Management and Governance Team to develop controls testing plans, strategies, and scopes for IT audits of key IT areas and processes for testing based on risk assessments.
  • Control Evaluation: Evaluating the effectiveness of IT controls and processes. This involves assessing controls over IT environments, such as network security, access controls, data integrity, and disaster recovery plans.
  • Evidence Evaluation: Evaluate the automated evidence collected by our Next Gen GRC Tool and work with business owners to remediate gaps. Ensure evidence is kept up to date.
  • Documentation and Reporting: Preparing detailed IT controls testing/audit documentation and reports that clearly describe the tests performed, findings, and recommendations for improvement.
  • Remediation and Follow-Up: Working with IT and business teams to address control deficiencies. This includes providing guidance on remediation efforts and conducting follow-up reviews to verify the effectiveness of corrective actions.
  • Risk Assessment: Performing risk assessments to identify areas of high risk within IT processes and systems and prioritizing audit activities accordingly.
  • Stakeholder Collaboration: Collaborating with various stakeholders, including IT management, Governance teams, and external auditors, to ensure comprehensive coverage of IT controls.
  • Regulatory and Industry Knowledge: Keeping up to date with changes in required regulations, IT auditing standards, and best practices in IT governance and security.
  • Training and Development: Providing training and guidance to the team and contributing to the development of the IT controls testing function.
  • Continuous Improvement: Continuously seeking to improve controls testing/audit processes and methodologies, including the use of technology and data analytics in audit activities.

Qualifications:

  • Familiarity with common frameworks: CIS, SOC 2, NIST CSF, NY DFS, CCPA/CPRA, etc.
  • Familiarity with IT GRC/IRM platforms
  • Familiarity with cloud service providers (Azure, AWS, GCP)
  • Ability to stay current on technology trends and quickly learn new technologies
  • Ability to meet deadlines, prioritize appropriately, cope well with change, and maintain composure in high-pressure situations
  • Excellent interpersonal, written, and verbal communication skills
  • Ability to communicate with staff and management of any level

Work Authorization: Must be able to verify identity and employment eligibility to work in the U.S.

Other Duties: This job profile is not intended to be an all-inclusive list of job duties and responsibilities, as one may perform additional related duties as assigned in order to meet the needs of the organization.

Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop, bend, kneel, crouch, reach, and twist; to lift, carry, push, and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.

[EOE/M/F/D/V. Drug-free workplace.]

 


Required profile

Experience

Spoken language(s):
English

Other Skills

  • Training And Development
  • Social Skills
  • Problem Solving
  • Adaptability
  • Communication
  • Time Management
