New York & Dallas/Plano
3 months ago
Client - Top US Bank
- Assist the risk assessment, scoping and planning of a review.
- High level experience leading, motivating, mentoring, and developing people and teams
- Assist in executing the review.
- Design and execute tests to validate identified application system controls, which may require data analysis, code inspection and re-performance of system processes.
- Analyze the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on the business.
- Analyze the business and technology processes to evaluate the effectiveness of the relevant technology controls.
- Validate that system features meet business, technology and regulatory requirements.
- Document the results of the test steps executed within the IA automated document project repository.
- Assist in the report preparation by preparing commercially effective audit conclusions and findings
- Assist in presenting the scope, progress and results of the review to internal, IT and business stakeholders.
- Follow-up on open audit issues and their resolution
- Participate in department-wide initiatives aimed at continually improving IA's processes and supporting infrastructure
- Undergraduate or graduate degree or Masters preferred
- Relevant 10+ years of work experience in technology systems audits, information security and privacy audits, or top tier consulting organizations
- Experience in reviewing organizational structures, business processes and associated IT applications, products, and infrastructure
- Experience in auditing technical platforms such as UNIX, Linux, Mainframe Audits, networks (i.e. Cisco routers, switches, Checkpoint firewalls), databases (i.e. MS SQL, Oracle), and cloud environments (i.e. AWS, GCP)
- Knowledge of auditing data loss prevention program, cloud services, encryption technology, mobile technology, application security and software development methodologies
- Knowledge of industry best practices, standards, and an understanding of the regulatory environment
- Professional certifications such as CISA, CISM, CISSP, CRISC and CGEIT are a plus, but not required
- Data analytics experience (e.g. SQL, CAATs, IDEA, ACL, Monarch, Tableau, Spotfire) a plus, but not required