The Auditor Expert demonstrates an interest and aptitude in industry standard Risk Assessment and Audit Compliance disciplines. The Auditor, Expert e nsures successful completion of assigned audit engagements, from start to finish, inclusive of pre- and post-audit activities, demonstrating advanced skills in these disciplines You will report to the Senior Manager of the IT Operations team with . Help identify and guide the daily activities of internal auditors and remediating staff assigned during an engagement. Applies risk and control concepts to scenarios encountered and identifies any potential issues. Communicates identified issues to ensure any potential concerns are addressed timely and effectively.
Conducts audit engagements successfully from beginning to end, specifically to evaluate compliance with applicable laws, compliance requirements, and established internal security policies
Applies risk and control concepts to scenarios encountered and identify any potential issues
Identifies and communicates issues raised, offering recommended solutions relevant to business and risk
Communicates identified issues with management to ensure potential concerns are addressed in a timely and effective manner
Mentors and trains junior auditors and lesser experienced staff members assigned to engagements providing guidance and overall review of deliverables
Ensures audit conclusions are based on a complete understanding of the process, circumstances, and risk
Helps develops audit programs and testing procedures relevant to risk and test objectives
Obtains and reviews evidence ensuring audit conclusions are well-documented
Required Skills
IT Audit, Risk Assessment & Management, Disaster Recovery and Business Continuity knowledge.
Knowledge of current regulations, including; but not limited to: PCI-DSS, SSAE-18, GLBA, and FCRA.
Knowledge of Information Security frameworks and controls (e.g., NIST, ISO, CIS, COSO,& CobIT).
Knowledge of key IT Security layers, components, and technologies that are commonly used such as but not limited to; web content filtering, intrusion detection and prevention, data loss prevention, Security Information and event management systems, encryption technologies, IPsec, vulnerability assessment and patch management, network and endpoint security.
Ability to understand bigger picture and work independently with professionalism and maturity
Overall experience in IT or related industry to be able to understand what a short and long-term roadmap looks like and how to implement measures.
Advanced project management, problem solving, analytics, and organizational skills
Advanced oral and written communication skills
Professional services industry experience in a related field preferred
Demonstrates consistency in values, principles, and work ethic
Strong, demonstrated technical skills necessary for scoping and executing projects
Required Experience and Desired Qualifications
Bachelor's Degree in Management Information Systems, Accounting, Finance or related field
Currently holds any of the following: CPA, CISA, CISSP, ISO Lead Auditor, PCI QSA and/ or CIA or preparing for associated exam
Willingness to pursue relevant professional certifications (e.g. CPA, CISA, CIA, CISSP, HITRUST CCSFP, ISO Lead Auditor, PCI QSA, etc.)
Minimum of 8 years of cybersecurity or IT auditing experience