IT Audit Manager
Add value through: 1) the performance of assurance/audit and risk assessment projects and 2) the management of programs and activities related to these areas
Manage the day-to-day activities related to the company’s standard audit and assessment programs (SOC 1, SOC 2, PCI, HITRUST, etc.)
Essential Duties & Responsibilities:
- Lead the company’s standard IT audit programs (e.g. SOC 1, SOC 2, PCI, HITRUST) with oversight from the VP, Audit & Assurance, and directly participate in key activities which include, but may not be limited to, the following: performance of control testing, review of control testing performed by others, coordination with external auditors, providing guidance to control and process owners, and monitoring and reporting on remediation efforts.
- Manage IT and information security risk assessments, audits, and gap analyses as needed with oversight from the VP, Audit & Assurance
- Provide IT/Security control best practice recommendations based on the results of audits/assessments and monitor remediation of deficient controls/weaknesses, as needed.
- Play a significant role in the identification and communication of IT risks across the enterprise.
- Partner with IT, Legal, GRC, Development and/or the Information Systems Security Office to complete other IT-related initiatives across the enterprise, as needed.
- Maintain business relationships with external auditors or other third-party services firms.
- Manage a team of audit professionals of various levels and experience, including consultants
- Adhere to all company policies and procedures including, but not limited to, those identified within the Standards of Business Conduct and the Colleague Handbook, as may be amended from time to time. Adhere to all applicable laws and regulations and the company's governance/compliance program.
Minimum Qualifications & Competencies:
- Undergraduate degree required with a minimum of 4-6 years of experience as an IT auditor or relevant IT experience
- Professional certification required (e.g. CISA, CISSP, GSNA or similar)
- Knowledge of and hands-on experience with SOC 1 and/or SOC 2
- Strong written and oral communication skills
- High level of personal and professional ethics
- Ability to define issues, collect data, establish facts and draw valid conclusions
- Ability to understand in-house developed systems and identify risks
- Ability to prioritize multiple tasks and meet deadlines with minimal supervision
- Ability to communicate technical information to non-technical audiences at all levels of the organization
- Ability to effectively supervise staff, delegate tasks and responsibilities, and monitor progress
Preferred Skills but Not Required:
- Knowledge of and hands-on experience with PCI, HITRUST and/or other IT audits
- Project management experience
- Prior experience with RSA Archer eGRC
- Master’s degree in Information Systems, Computer Science or related field
A Human Approach to Staffing
Our Company is committed to the principles of equal employment. We are committed to complying with all federal, state, and local laws providing equal employment opportunities, and all other employment laws and regulations. It is our intent to maintain a work environment which is free of harassment, discrimination, or retaliation because of sex, gender, race, religion, color, national origin, physical or mental disability, genetic information, marital status, age, sexual orientation, gender identity, military service, veteran status, or any other status protected by federal, state, or local laws. The Company is dedicated to the fulfillment of this policy in regard to all aspects of employment, including but not limited to recruiting, hiring, placement, transfer, training, promotion, rates of pay, and other compensation, termination, and all other terms, conditions, and privileges of employment.