The Senior IT Auditor’s job duties include but are not limited to:
- Conducts moderate to complex information/operational technology audits and other projects concurrently. This includes assessing the adequacy and effectiveness of, general IT controls, application controls, and cyber security-related risks covering a broad range of computer technologies including mainframe, LAN/WAN, client/server, Internet/Intranet, databases, telecommunications, etc. Apply appropriate sampling techniques and use computer-assisted audit tools and techniques.
- Conducts Sarbanes-Oxley (SOX) 404 testing, participates in pre/post implementation reviews of major system implementations and assess compliance with critical cyber security standards.
- Develops risk-and-control matrices and prioritize efforts by the identification of key controls and the development of appropriate strategies to test the design and effectiveness of those controls.
- Schedules and leads audit kick-off, midpoint audit status, and closing meetings.
- Ensures that workpapers are complete and adequately support audit observations, conclusions, and recommendations and consistently meet the requirements of the Institute of Internal Auditors as detailed in their International Standards for the Professional Practice of Internal Auditing.
- Prepares clear, concise, and accurate audit reports that require minimal editing for finalization. May assist in the review of draft reports prepared by other auditors.
Minimum qualifications include:
- Bachelor's degree, preferably in Computer Science, Engineering, Business Administration, Accounting, or Finance, and at least 3-5 years work experience
- Minimum of 3 years of audit experience.
- Knowledge of internal controls, system development methodologies, complex integrated computer systems and related environments (e.g. operating systems, databases, middleware, network devices and software applications).
- Experience in auditing and knowledge of the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing is required.
Preferred qualifications include:
- Knowledge of operational technology used to monitor or control physical devices, processes and events (e.g., Distributed Control Systems and Remote Terminal Units) and/or the Internet of Things is preferred.
- Familiarity with Sarbanes-Oxley, NERC Critical Infrastructure Protection and other regulatory requirements is preferred.
- Experience working with advanced technical auditing tools (e.g. Oracle BI, ACL).
- Experience and familiarity with company policies, procedures, systems and business processes.
Interested candidates should submit an application on the coned.com website. The Job posting ID is 108166.