Connecting linkedin



IT Audit - Cyber

  • Location


  • Sector:


  • Contact:

    Steven Budziszewski

  • Contact email:

  • Salary high:


  • Salary low:


  • Published:

    5 months ago

  • Expiry date:


Audit Methodology 
• Identify risk and controls within processes, and provide risk assessment
• Lead internal audit projects related to IT general controls, information security/cyber, pre/post system implementation, IT governance, and operational areas; drive consistency of methodology
• Assists with the development of the audit budget and/or timeframe for how the audit will be completed based on the objective and risk of the areas covered within the engagement 
• Finalizes planning documents and conducts first level review of planning documents as required
• Coordinates with other audit teams (business unit, regional, and specialist) to ensure evaluations of related areas occur timely and cover key areas within the audit 
• Demonstrates professional skepticism and comfort with questioning how certain processes are being performed in order to facilitate making improvements
• Applies analytical skills to review information, perform assessments of the audit results, and evaluate the adequacy of controls 
• Reviews the work papers of the audit team members ensuring that departmental standards have been met 
• Communicates the audit status to business unit stakeholders and Audit Services management 
• Drafts findings and recommendations for the purpose of status updates, memos, and audit reports 
• Maintain technical competence by ongoing training, seeking development opportunities and applying new knowledge to daily work assignments
Required Skills:
• Minimum of 4-5 years of IT auditing and systems experience with a focus on information security and cyber security controls (e.g., NIST Cyber Security Framework controls)
• Solid knowledge of audit procedures and technical security and control standards usually obtained through related work experience and a four year degree program is required to perform system audits
• Solid understanding of Information Technology General Controls (ITGC) and non-ITGCs (e.g., Configuration Management, Vendor Management)
• Solid understanding of Information Technology Service Management (ITSM) controls (e.g., Incident Management, Problem Management)
• Skills as needed to perform testing of design and operational effectiveness of application controls (e.g., Interface Controls)
• Knowledge of the operations, functions, and objectives of interfacing areas is required to properly audit operations, services, systems, workflow, and operational impact on other areas
• Operates independently; has in-depth knowledge of business unit/function
• Knowledge of systems software applications and databases common to the mainframe and distributed environments, such as UNIX, iSeries, and Windows is a plus
• Understanding of networks, routers, and firewalls is also a plus
• Certified Information System Audit (CISA) certification is preferred.  Additional certifications such as Certified Information Systems Security Professional (CISSP), or other related certifications is a plus