Location: Reston, VA
The right candidate will support the IT Audit Manager in assessing financial, operational, and regulatory risks relating to the company’s use of information technology, evaluating controls over information systems, and providing control recommendations to IT Management and Internal Audit to reduce risks deemed unacceptable. The Senior IT Auditor analyst demonstrates a thorough understanding of the concepts, terminology, capabilities, and applications of technology, security risks, and control risks associated with various IT architectures.
Essential Duties and Responsibilities
• Assesses IT risks through control auditing practices:
o Documents IT processes
o Conducts tests of Sarbanes-Oxley (SOX) IT controls
o Conducts tests of non-SOX IT controls
o Documents test activities and results
o Reports test results to IT management and Internal Audit
• Subject areas include:
o IT Risk Assessment
o IT Security (Logical, Network, Physical)
o Change Management (Software, Hardware)
o BCP / Disaster Recovery / Data availability
o Software Acquisition and Development
o Sarbanes-Oxley Compliance
o General Controls and Application Controls
• Under the direction of the in-charge and/or Manager, contributes to risk analysis, control identification, and audit program development. Independently performs assigned audit testing and concludes on the effectiveness of controls. Identifies control gaps and exceptions from expected control activities and evaluates the potential impact. Demonstrates the ability to multi-task, by clearly documenting the results of testing on more than one audit concurrently.
• Demonstrates development in technical and analytical skills to understand new and existing technologies. Interprets the associated risks, develops testing approach, and proposes solutions.
• Develops increasing technical knowledge and understanding of the department’s audit methodology, insurance industry concepts, Cyber Security, IT General Controls and Software Development Practices. Effectively, demonstrates these capabilities when completing assigned work.
• Contributes to continuous improvement (CI) efforts
• Demonstrates technical understanding of data analysis concepts and practices. Effectively uses the department’s data analysis software to facilitate audit scoping and testing.
• Effectively communicates audit issues and related recommendations in both technical and non-technical terms to Operational and IT management.
• Develops an awareness of changes in IT audit practices, regulatory requirements, and IT Risk frameworks to understand their impact to Auditing and Liberty. (e.g. NIST Cyber, CSC, COBIT, ISO2700x)
• Takes an active role in acclimating associate auditors and newer team members by sharing knowledge of the insurance industry, Company and Internal Audit department processes and procedures.
Education and/or Experience
• Bachelor's degree (B. A.) from four-year college or university in Audit, Computer Science, or Management Information Systems
• 3 + years experience in IT Audit or IT Risk Management
• Extensive knowledge of IT controls and best practices
• Extensive knowledge of the IT Governance Institute’s Control Objectives for Information and related Technology (COBIT) framework for IT governance
• Extensive knowledge of the Sarbanes-Oxley Act of 2002
• Possess a proven track record in the preparation/development of documentation and testing of internal controls and systems
• IT auditing skills or hands on administrative experience in at least one of the following areas: system development & testing; UNIX; AS/400; Windows; Oracle, DB2, SQL; Cyber Security including Network/Web Application Firewall, and other network devices.
• Excellent written communication skills
• Excellent relationship management skills
• Ability to communicate effectively with internal management as well as external firms
• Disciplined self starter who can work with minimal supervision
o Professional certification (CISA, CIA, CISM, NIST, AWS) highly preferred
o Big four experience
- AWS experience