Technology(IT)Auditors are responsible for planning, performing and reporting the results of application, infrastructure, and integrated business audits using the Internal Audit team's risk based audit approach.Work is performed under the direction of Technology Audit Managers, often in other locations, with close collaboration with other audit team members, including Business audit, as part of an integrated audit approach, and may include individual or multiple auditor assignments.
The role involves:
- Comprehensive risk assessment and engagement planning.This entails:
- Understanding fundamental IT risks and key controls to evaluate the effectiveness of the control environment during various product-line and functional audits (e.g. trading, credit and market risk, financial reporting, asset management, etc.);
- The identification and assessment of technology risks (including understanding the manner in which such risks are controlled and the audit approach required to ensure controls are appropriately designed and operating effectively); and
- Preparing documentation (work papers, planning documentation) that reflects the aforementioned information and assessments in a clear and concise manner.
- Executing audit work.This encompasses the execution of the planned approach for the audit in a team-based environment, interacting closely with various levels of staff and management throughout the Bank.In this regard, the auditor will execute IT control reviews, including assessments of system development practices, change and incident management processes, systems security, access controls, availability and recovery, and operational support procedures, as well as application controls.The auditor may also perform audits of various technology infrastructure platforms (e.g., hosting, e-commerce, cloud, networking, computer security, etc.). Audit also periodically conducts thematic regional or global reviews to address key risk areas, which include special reviews mandated by the Audit Committee and/or Executive Board.
- Developing, presenting and finalizing audit reports. This process entails the initial drafting of the report, discussion with management to confirm the factual accuracy and clearance and coordination with Management to obtain written responses to Audit's recommendations.
- Mentoring new hires to aid in their acclimation to the Bank and the manner in which the Department operates.
- Contributing to and championing remote audit best practices.
- Participating in the recruitment of other Technology Auditors.
- Supervising less experienced Auditors on multiple auditor assignments.
- Performing administrative duties as it relates to key responsibilities and participating in special projects as delegated by Department Management.
- Developing and maintaining relationships with Bank Staff and Management to facilitate proactive assessment of the Bank's risk profile and career development.
- Assessing personal development needs (e.g., training) in conjunction with Department Management.
- Undergraduate degree in Computer Science, Engineering, MIS, Accounting, Business or related areas (advanced degree a plus).
- 5-8 years of related work experience in a technology audit or risk role; financial services experience preferred, but not required.Knowledge of Banking regulatory requirements an added plus.
- CISA certification or equivalent a plus.
- Excellent communication and interpersonal skills.
- Outstanding organizational, time and project management skills.
- Ability to work independently and within a team environment.
- Willingness to travel (estimated at 10-15% annually).
- Highly motivated, pro-active and results-oriented professional.
- Knowledge of emerging IT risks.