Are you interested in posting a position with us? Contact us at president@isacasfl.org to add a position here.
Senior IT GRC Auditor
Miami, Florida, USA
www.elevateconsult.com
Apply here: https://elevateconsult.recruitbpm.com/career/detail/53833
Are you passionate about working in a complex IT environment where security and data privacy are a
primary focus of the business model? Do you want to be a part of a dynamic, complex and recession-proof
environment working alongside top-notch IT professionals? Do you want to join an established and
well-respected internal audit team that adds value to the organization and is deemed the business’ trusted
controls and compliance advisor? Are you available to be onsite (in Miami) and be mentored by VPs and
Chief Executives? If you answered yes, then continue reading...
About the Position
Our client, an investment management firm focused on investments in mortgages and consumer credit, is
seeking Senior IT GRC Auditor(s) to join their internal audit team. The ideal candidate will have strong
experience with cybersecurity frameworks (NIST, ISO 27001, FFIEC CAT), compliance (NY DFS), data privacy,
process automation, cloud security and data analytics software (e.g. ACL). Effective communication, critical
thinking, and analytical skills are vital to this position. This role will be responsible for managing and
conducting IT audits, assessing IT security controls, ensuring compliance and enhancing the organization's
security posture.
This position requires a highly analytical, detail-oriented professional with experience identifying risks,
evaluating controls, and providing strategic audit recommendations to senior management.
What You’ll Do:
1. Assist with Annual Risk Assessment & Audit Planning
o Attend interviews with Senior Management to discuss topics such as significant changes
(people, processes, systems), strategic objectives, risks, and recommended audit focus.
o Assist in the annual risk assessment based on established methodology to determine audit
priority.
o Estimate the level of effort for each project by working with the team to identify the risks,
scope, testing procedures and deliverables.
2. Audit Execution – Planning
o Reviews the audit objectives and risks and works with the team to identify the detailed audit
testing procedures.
o Holds preliminary scoping meetings with the department head(s) stakeholders and
determines the best path to test the audit objectives while addressing the key risks.
o Estimates the level of effort to perform the audit and ensures the audit timeline is within
the allocated annual budget timeframe.
3. Audit Execution - Risk & Control Evaluation
o Develops risk and control matrices to evaluate the design of key internal controls.
o Develops Audit Program and detailed fieldwork steps.
o Develops the auditee request for information (RFI).
o Leads the day-to-day audit procedures, performs detailed control testing procedures and
documents test results. Assesses the results of the test plans and provides audit
recommendations in the detailed audit report.
4. Audit Execution – Reporting
o Independently identifies meaningful control gaps and develops recommendations that
promote continuous improvement in risk management capabilities and the internal control
environment.
o Develops well-written audit reports that include a clear and concise summary of the scope of
work performed, conclusions reached, and recommended control improvements noted.
5. Audit Methodology & Tools
o Performs work consistent with the Company’s Internal Audit Procedures and the Institute of
Internal Auditors’ (IIA) International Professional Practices Framework (IPPF).
o Contributes to ongoing improvements in internal audit methodology.
6. Project Management, Communication, & Reporting
o Independently leads meetings to gather process understanding, provide audit status updates,
and communicate audit results.
7. Team & Personnel Development
o Pursues career development opportunities, including relevant training, professional
certifications, and/or association memberships. Shares information gained with co-workers.
o Maintains all organizational and professional ethical standards, including consistently
upholding all Company Tenets (humility, accountability, responsibility, creativity, awareness,
suitability, reliability, diversity, integrity, fun, balance, and communication).
o Other duties as needed or required.
What You Need to Get Hired:
3-5 years of experience working with IT internal audit, risk and/or IT departments and performing
readiness assessments or audits of business and IT functions; working in an IT GRC Compliance
function for a large-scale organization, preferred.
Experience performing IT framework audits and IT risk assessments (e.g. NIST, ISO 27001, FFIEC
CAT), compliance (NY DFS), data privacy, process automation, cloud security and data analytics
software (e.g. ACL).
Experience in Audit Execution, Methodology, & Tools
Knowledge of, and ability to consistently apply, internal auditing principles and practices.
Skilled in critically evaluating processes, risks, and controls.
Demonstrates proficiency in documenting processes, risks, and controls in narratives,
flowcharts, and workpapers.
Moderate/Advanced Microsoft Excel abilities, including ability to perform data analysis using
pivot tables, formulas, or macros. Working knowledge of other Microsoft Office applications
(Word, PowerPoint, Visio).
Data analytics software (e.g. ACL, Alteryx).
Robotic process automation (e.g. UiPath).
Artificial Intelligence (AI).
Machine learning software.
Enterprise audit-management software (e.g. AuditBoard).
Project Management, Communication, & Reporting
Able to leverage appropriate project management tools to monitor audit execution/timelines
and provide transparent status updates to audit management.
Capable of balancing multiple projects simultaneously through effective prioritization and
multi-tasking skills.
Skilled collaborator capable of effective interaction, negotiation, and problem resolution with
audit and business personnel.
Effectively able to lead meetings with team members and auditees and conduct process
interviews/walkthroughs with business owners to gather needed information.
Demonstrates effective business acumen and judgment that is recognized by audit and
business managers.
Able to develop, present, and assist in “selling” control improvement opportunities and
business advice.
Demonstrates proficiency in clearly and concisely documenting audit results in workpapers,
memos, and audit reports.
Team & Personnel Development
Displays a strong work ethic.
Ability to lead and motivate audit staff and be a “team player.”
Experience working in, or adequate knowledge of, industries that include asset
management, lending, and/or mortgage servicing a plus.
Continually builds knowledge of the business and actively expands capabilities through
research and focused training. Stays informed of new developments.
Education and professional credentials
Bachelor's degree (in Management Information Systems, Information Technology, Computer
Science, Accounting, Business Administration).
Preferred:
“Big 4” IT Audit experience in financial services, preferred.
Certification as CISA, CISSP, and/or CISM – or commitment to obtaining an appropriate professional
certification.
Familiarity with the following Institute of Internal Audit Standards (IIA)
3 - 5+ years of progressive Internal Audit leadership experience in a complex technology
environment (Experience within IT Operations and/or IT Leadership roles within Infrastructure,
Security, Application development considered a plus).
Travel Requirements
This position requires working on-site at an office located in Miami, Florida.
PHYSICAL DEMANDS AND WORK ENVIRONMENT:
The physical demands described here are representative of those that must be met by an employee to
successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to sit and use hands to handle,
touch or feel objects, tools, or controls. The employee frequently is required to talk and hear. The noise
level in the work environment is usually moderate. The employee is occasionally required to stand; walk;
reach with hands and arms. The employee is rarely required to stoop, kneel, crouch, or crawl. The employee
must regularly lift and/or move up to 10 pounds. Specific vision abilities required by this job include close
vision, color vision, and the ability to adjust focus.