IT Auditor

3 weeks ago


Little Rock, United States | Bank OZK | Full time

Job Purpose and Scope:

Responsible for conducting audits to assess effectiveness and efficiency of technical controls within Information Security and Information Technology functions supporting the security and operation of the Bank.

Essential Job Functions:

- Responsible for the execution and timely delivery of audit assignments to ensure that all business and technology risks are identified, recognized, and appropriately reported in alignment with the departmental audit plan and initiatives.
- Executes audits of business, Information Technology Risk and Information Security processes/practices, and major business/IT projects to ensure compliance with Bank Policy, use of compliant best practices, procedural efficiency and accuracy in accordance with the audit plan.
- Produces quality audit work papers in line with the Bank’s Internal Audit methodology and quality assurance requirements.
- Prepares reports of audit findings for management and proposes recommendations for changes as needed.
- Participates and assists in the planning phase of audits and completes assigned tasks.
- Participates consultatively in implementing changes to the extent possible when meeting with stakeholders and management.
- Participates in multiple projects and communicates appropriately with identified stakeholders within Internal Audit and management.
- Tracks and follows up on open issues with stakeholders, and validates management remediation of the issues.
- Consults with stakeholders in developing action plans to resolve control issues or risks and contributes to resolution of high risk issues with management.
- Completes assigned tasks per the predefined target dates, and escalates issues to the audit manager in a timely manner.
- Maintains confidentiality, integrity and availability (CIA) of Bank information at all times.
- Regularly exercises discretion and judgment in the performance of essential job functions.
- Maintains punctuality and good attendance to work.
- Follows Bank policy, procedures and guidelines.
- Performs other duties as assigned.

Knowledge, Skills & Abilities:

- Knowledge of Banking regulatory requirements and standards.
- Knowledge of IT and Information Security operations, policies, and procedures.
- Knowledge of generally accepted audit standards (IIA) and Bank Internal Audit standards.
- Knowledge of:
  - Sarbanes-Oxley IT general controls, security/logical access change management, disaster backup and recovery, data center operations.
  - Systems Development Life Cycle (SDLC) methodology.
  - Operating systems and database platforms (Windows, AS400, DB2, MSSQL).
  - Networking (TCP/IP) components including routers, switches and firewalls.
  - IT governance processes (IT Policies and Standards, ITIL, COBIT principles).
  - Information Security frameworks (ISO 27001, Information Security Forum Standard of Good Practice (ISF), Center for Internet Security (CIS) and NIST standards).
  - IT Risk Management’s assessment processes (Security, Vendor, and Risk Assessments).
  - IT application control concepts (application processing controls, system reconciliations, matching, workflows, etc.).
- General knowledge of banking laws and regulations.
- Ability to perform risk based audits of Bank departments and functions with investigative rigor.
- Strong verbal and written communication skills, including presenting, listening and interviewing.
- Proficient use of personal computer (including word processing and spreadsheet software).
- Ability to multi-task various ongoing activities and engagements with a high level of accuracy.
- Ability to work well with peers and department managers.
- Ability to travel for business purposes.
- Ability to work under general supervision.

Job Expectations:

Operate customary equipment and technology used in a business environment, with or without accommodation.

Note:

This description is not an exhaustive list of all job functions, duties, skills and job standards required. Other job functions, duties, skills, and standards may be added. Management reserves the right to add or change the job requirements at any time.
