Responsibilities: • Analyze business processes, procedures, and risks while evaluating internal controls. • Effectively communicate with the Technology team and liaisons to manage expectations and ensure cooperation to achieve objectives. • Develop and execute IT audit programs, testing procedures, and data analysis to assess the design and operating effectiveness of controls. • Identify control deficiencies and areas for improvement, providing practical and actionable recommendations to enhance technology controls and processes. • Prepare detailed reports and discuss results with the auditee and Internal Audit team. • Complete assigned engagements and reports within communicated deadlines. • Monitor and track the implementation of audit recommendations, following up with stakeholders to ensure timely resolution of identified issues. • Collaborate with other auditors, technical specialists, and business stakeholders to understand technology risks and controls across the organization. • Stay up-to-date with new technologies, regulations, and industry standards to ensure audit procedures remain relevant and effective. • Participate in ad hoc projects, investigations, and other technology or non-technology-related initiatives as assigned.
Experience • 5 years of experience in IT Audit or information technology with a focus on risk management, system development, and/or security. • Bachelor's degree in computer science, Computer Engineering, IS Management, or Business Administration. • Experience in operational audit preferred. • Experience in assessing emerging technology risks, such as cloud computing, artificial intelligence, and cybersecurity. • Familiarity with Linux, SQL, network environments, SSDLC/change management-related processes and controls, cloud migration, code security, and data management. • Understanding of internal control concepts and experience in applying them to plan, perform, manage, and report on the evaluation of various business processes/areas/functions. • Awareness of changes in IT audit practices, regulatory requirements, and IT Risk frameworks (e.g., COBIT, NIST SP 800, NIST CSF, CSC) and their impact.