Senior IT & Security Auditor
Plano, TX 75024
- Conduct risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation, with direction from senior team members.
- Strong focus on information technology and information security controls in executing integrated, risk-based audits to evaluate the design and effectiveness of internal controls. Auditor will also focus on the integration of IT and business process risk considerations within the audit process.
- Detailed understanding of IT managed processes, including technology architecture, system build and provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.
- Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.
- Evaluate root cause factors for audit testing exceptions and recommend practical solutions that reduce risk and strengthen business process and controls.
- Ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.
- Build and develop Internal Audit’ s brand within the company through meaningful relationship building.
- Enable continuous improvement of the Internal Audit department by identifying and communicating enhancement opportunities to department leadership.
- Support the development of other team members within the Internal Audit department. Knowledge, Skills, and Abilities
- Technology infrastructure security, including mainframe, UNIX/LINUX, Windows, SQL Server and Oracle database
- Integration of business process controls with supporting technologies. Business process workflow documentation, including identification of key risks and the corresponding business and technology controls
- Ability to work in a complex and evolving environment.
- Demonstrate strong project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.
- Tailor project approaches based on areas of key risks. Critically evaluate audit procedures to maximize the value of each audit project.
- Strong communication and presentation skills with an ability to tailor communications to different audiences.
- Prepare clear, concise and accurate documentation and audit reports.
- Pursue work with enthusiasm, energy, drive and team collaboration.
- Establish and build effective relationships.
- Collaborate with management and senior leadership to improve internal controls and processes.
- Assist and provide guidance to the Internal Audit staff, when needed; train staff during fieldwork.
- Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.
- 3+ years of relevant audit and risk management experience.
- Knowledge of auditing principles and practices, and the analysis and reporting of audit information.
- Bachelor’ s degree in Auditing, Business Management or Information Technology.
- Merchant Acquiring / Payment Processing industry experience preferred.
- Experience with internal control frameworks, including COBIT, FFIEC, PCI DSS, Sarbanes-Oxley, ISO27001, and ITIL
- CIA, CISA, CISM, CISSP or other relevant certifications are preferred.
- 10-15% travel requirement, including some international travel