Responsibilities:

• Responsible for effectively planning and executing comprehensive audits and advisory engagements assessing technology and information security related areas under the direction of Internal Audit Management. These activities include:
  • Obtaining an understanding and evaluating processes and technologies.
  • Facilitate walkthroughs with control owners and key Technology leads.
  • Collaborating with leadership and colleagues to assess the design and effectiveness of processes using traditional and innovative techniques.
  • Conducting audit testing and analysis and completing documentation of high quality in accordance with departmental standards.
  • Collaborating with the Internal Audit Data Analytics team to design, develop, and consume moderately complex data analysis.
  • Documenting and reporting process weaknesses or inefficiencies.
  • Conducting entry/exit meetings with business area management.
  • Drafting and finalizing results and reports targeted to senior management and corporate directors.
  • Performing follow-up on previously identified findings and management’s action plans.
  • Automating testing using desktop automation, data analytics, or robotic process automation techniques.
  • Completing tasks within the allotted timeframes.
• Embrace a culture of agility, innovation, and continuous improvement within the Internal Audit function. 

Education/Formal Training:

• Bachelor’s degree in Information Systems, Computer Science, Engineering, or Finance preferred.  Other business or technology related degrees considered depending upon relevant experience.  
• Auditing, technology, or security coursework, a plus.

Licenses, Certifications, Registrations (if applicable):

• Professional auditing, security, or technology designation (e.g., CISA, CISSP, CCSP, AWS Cloud Practitioner, etc.) or actively pursuing the completion of such designation preferred.

Work Experience:

• Minimum 2-5 years of experience in technology audit, consulting, or information security roles; with excellent knowledge of general controls and Sarbanes Oxley requirements; previous experience in technology, data analysis, consulting, and/or technology compliance roles would also be considered.
• Previous experience in the asset management, securities and/or banking industries a plus.
• Equivalent relevant experience in the investment management industry may be substituted for direct audit experience.
• Experience auditing automated application controls, enterprise applications, information security and cyber security practices, and various technology platforms such as UNIX, Windows, SQL Server, and Oracle databases
• Experience conducting data analysis, visualization, or CAATs a plus.

Skills:

• Critical thinking and problem-solving ability; effectively identify risks and unexpected patterns in complex situations, investigate issues, analyze root cause, and determine the appropriate course of action. 
• Resilience in debating and discussing existing practices or contentious issues; confident in dealing with difficult situations and resolving conflicts and influencing with diplomacy while maintaining objectivity.
• Effectively communicate complex, technical concepts; actively listens and promotes mutual understanding; adjusts communication styles effectively to suit the needs of different audiences.
• Client service disposition; understands stakeholder needs and concerns and provides constructive feedback, sound advice, and potential solutions.
• Able to build and sustain effective working relationships with business partners and external peers.
• Result-oriented and comfortable as an individual contributor.
• Intellectually curious with constant desire to learn and share knowledge with others.
• Strong knowledge of leading practices around IT controls, such as the COBIT, NIST, or ISO27000 frameworks.
• Strong knowledge of technology and cybersecurity trends and tools.
• Strong analytical, project management, and administrative skills.
• Ability to work in a diverse, cross-functional and international environment.
• Adaptable and comfortable with changing environment.
• Self-starter and motivated must be able to work without frequent direct supervision.

• Demonstrates high professional ethics.
• Proficient with analytics software such as Tableau, Spotfire, Alteryx, ACL, IDEA, etc. a plus.
• Proficient with Microsoft Office (MS Word, Excel, Power point, Access etc.).