Job Description
• Manages own time and audit activities / participants per strict schedules
• Demonstrates ability to communicate clear and concrete audit requirements to audit members.
• Ability to multitask and work on various audits and projects in different phases
• Ability to make good judgments based on observations and supporting information
• Good interpersonal skills, including oral and written communications, listening, interviewing, fostering open communications, facilitating and influencing
• Analytical and inquisitive, dig deep to obtain a solid understanding of business processes and IT controls
• Take responsibility for assigned tasks, understanding and achieving expectations
• Recognize opportunities and propose solutions to improve business processes
• Responsible for coordination of IT Control assurance audits
• Interacts with external auditors and internal delivery personnel to ensure timely and accurate delivery of audit evidence / control testing.
• Maintains regular contact with external Auditors, internal management, and Service Delivery regarding status, issues and risks
• Common activities could include:
• Maintain audit scope document
• Maintain client application matrices and exemptions
• Formal annual review conducted in Q4
• Maintain audit Team room and security to the individual TROOMs
• Maintain control owner list
• Meet with external auditor to review request list and address any issues/concerns;
• Coordinators own the request list and all updates until first Tuesday after fieldwork begins
• Send out request items to controls owners, providing location to populate evidence and when required
• Review audit evidence when received to verify accuracy and completeness
• Provide status report to audit lead, IT Controls lead, and external auditor field lead with status of evidence obtained.
• Weekly meeting with external auditor, IT Controls lead, and audit coordinators to review issues and risks, not detailed activities
• Weekly meeting with external auditor, audit leads to review detail status items
• Create control objective testing schedule: based upon defined control priorities. This schedule also used as input into the timeline required for audit evidence (populations and samples) including follow up
• Monitor, report status and escalate issues or risks within the plan; internal metrics to include: actual vs. Planned, accuracy of testing (i.e. Does External auditor India or External auditor US disagree with the results)
Primary Skills
CISA Certified
ISO 27K/PCI added Advantage
Secondary Skills
Experience with IT Controls testing / auditing (SSAE 16 SOC reports)