Job Descriptions
Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.
IT Auditor
Skills
Job Description
Job purpose/summary
This role will provide the opportunity to combine technical, auditing, and people skills to effectively advise and support the enterprise on risk-related matters. This role requires a lot of organization, and the chosen candidate must have experience with infrastructure and information systems audit experience which aligns with professional standards. Also, this role plays a key function to ensure the project follows department guidelines and professional standards.
Duties and responsibilities
The ideal candidate will be responsible for:
- Providing fundamental guidance and standards for ensuring that the actions taken by internal control process owners are adequate to support quarterly and year-end management assertions in their assessment of an effective internal control environment
- Conducting risk-based IT, operational, and compliance assurance and consulting engagements across the audit life cycle: planning, risk assessment, coordination, fieldwork, data analysis, evaluation of design and control effectiveness, work paper documentation, reporting, and remediation validation with oversight from the director and senior team members
- Performing risk-based information security and IT infrastructure audits encompassing both technical and business process aspects per internal auditing standards
- Preparing detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program
- Preparing survey functions and activities in assigned areas to determine the nature of operations, the adequacy of the system of controls, risk management, and governance processes to achieve established objectives
- Performing and reviewing IT governance and security activities, such as business continuation planning, penetration testing, and vendor management
- Performing comprehensive risk assessments and analysis over IT and business processes sufficient to scope applicable engagements
- Performing risk assessments of business units and technology operations, design and executing audit procedures to verify the effectiveness of existing controls
- Maintaining comprehensive historical audit work paper documentation that fully supports reported audit results, leveraging established department tools and standards
- Developing risk-based system project audit strategies and programs in collaboration with subject matter experts
Competencies
The ideal candidate will demonstrate competencies in the following areas:
- Ensuring that practices and methodologies application is maintaining at the high-quality level expected of a strong internal audit practice
- Demonstrating extensive skills and abilities related to controls around the financial reporting, compliance, and operational processes within a professional services firm or large enterprise
- Ensuring the clear and concise communication of audit issues to process owners, management, and leadership
- Maintaining a strong working knowledge of the technology industry, of the client group, the regulatory and broad economic environment availing the client of the knowledge as to the development of new strategies and tactical plans and opportunities
- Providing practical, value-added recommendations to improve risk management, governance, and control practices as well as the effectiveness of business operations
- Information Technology Management
- IT Asset Management
- IT Service Management
- IT Risk Management
- Process Management
- Time Management
- IT Project Management
- Operational Risk Management
- Change Management
- Business Process Improvement
- Quality Management System
- Organizational Change Management
- Information Management
Tools and Technologies
- Web-based Software
- Embedded Services
- Microsoft Windows Server
- Microsoft SQL Server
- Microsoft Access
- SQL Server Management Studio
- Microsoft Windows
- Microsoft Excel
- Microsoft Suite
- Microsoft Office
- Microsoft Active Directory
- Microsoft PowerPoint
- Microsoft Dynamics
- Microsoft Outlook
- Microsoft Word
- Microsoft Power BI
- Microsoft Office 365
Reporting relationship
To be completed by the user of this job description as appropriate
Direct reports (if appropriate)
To be completed by the user of this job description as appropriate
Qualifications
Education
To be completed by the user of this job description as appropriate
Certifications
To be completed by the user of this job description as appropriate
Other relevant qualifications
To be completed by the user of this job description as appropriate
Key Attributes
To be completed by the user of this job description as appropriate
Experience
To be completed by the user of this job description as appropriate
Working conditions (if required)
If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.
Physical requirements (if appropriate)
If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods, lift heavy objects regularly, do repetitive tasks with few breaks, and so forth.