Senior Auditor, Information Security
Hybrid, 3 days onsite, 2 days remoteA prestigious financial firm is on the search for a Senior Auditor, Information Security. This auditor must have 2+ years of IT audit experience using frameworks/standards such as AICPA, IIA, IPPF, COBIT and have a strong proficiency using Archer or other audit tools.Responsibilities:
- Ability to clearly articulate professional principles and standards (i.e., AICPA, IIA IPPF, COBIT, NIST CSF, etc.) and the relevancy to risk management and impact on policies and procedures. In addition, leveraging these principles and standards to test and evaluate corporate risk management processes and controls.
- Maintaining an understanding of policies, procedures, standards, and supporting technologies to effectively identify potential risks and creative alternatives to mitigate risk exposure.
- Keeping current on leading practices and emerging risks in IT, information security, and cyber security within the financial services industry and making recommendations for improvements, as necessary.
- Defining and leading the execution of audit projects in accordance to the annual audit plan.
- Owning the audit quality, accuracy of results, and delivery in a timely manner.
- Providing oversight and coaching the internal team, both internal and/or co-sourced resources, confirming the delivery, quality, and auditee experience.
- Planning, leading, and reporting for risk based special request audit assignments.
- Proactively identifying regulatory, IT, information security, operational, and/or strategic risks to the organization and deliver recommendations for improvements to senior leadership.
- Identifying and analyzing root cause exceptions or inefficient practices and partnering with management provide advice and recommendations develop achievable solutions.
- Knowledge of the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA).
- Strong proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software.
- Bachelor’s degree (or equivalent) in Information Technology, Accounting, Finance, Business Administration, or related field.
- Consulting/accounting firm experience is a plus.
- Experience in Financial Services/Security Industry and working with regulatory organizations such as: Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and/or Financial Industry Regulatory Authority (FINRA)is a plus.
- Demonstrated success in leading audit projects and implementing audit leading practices in a complex technology environment.
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certification in Risk Management Assurance (CRMA), Certified Internal Auditor (CIA), Certified Public Accountant (CPA), or similar certification is a plus.
- Minimum of two years of audit experience in conducting IT risk-based audits and projects, and IT process reviews.
Request Technology, LLC - Information Security Business Analyst