IT GRC Auditor

Full-Time | Remote | US Eastern Standard Time


Our client is a US-based premier consulting firm specializing in Cyber Security, IT Compliance, and Governance. They have been in the industry for more than 15 years and are looking to expand their team in the Philippines.

About this Role:

The ideal candidate will have strong experience with cybersecurity frameworks (NIST, ISO 27001, FFIEC CAT), compliance (NY DFS), data privacy, process automation, cloud security and data analytics software (i.e. ACL). Effective communication, critical thinking, and analytical skills are vital to this position. This role will be responsible for managing and conducting IT audits, assessing IT security controls, ensuring compliance and enhancing the organization's security posture.

This position requires a highly analytical, detail-oriented professional with experience identifying risks, evaluating controls, and providing strategic audit recommendations to senior management.

Responsibilities:

  • Assist with Annual Risk Assessment & Audit Planning
    • Attend interviews with Senior Management to discuss topics such as significant changes (people, processes, systems), strategic objectives, risks, and recommended audit focus.
    • Assist in the annual risk assessment based on established methodology to determine audit priority.
    • Estimate the level of effort for each project by working with the team to identify the risks, scope, testing procedures and deliverables.
  • Audit Execution – Planning
    • Reviews the audit objectives and risks and works with the team to identify the detailed audit testing procedures.
    • Holds preliminary scoping meetings with the department head(s) stakeholders and determines the best path to test the audit objectives while addressing the key risks.
    • Estimates the level of effort to perform the audit and ensures the audit timeline is within the allocated annual budget timeframe.
  • Audit Execution – Risk & Control Evaluation
    • Develops risk and control matrices to evaluate the design of key internal controls.
    • Develops Audit Program and detailed fieldwork steps.
    • Develops the auditee request for information (RFI).
    • Leads the day-to-day audit procedures, performs detailed control testing procedures and documents test results. Assesses the results of the test plans and provides audit recommendations in the detailed audit report.
  • Audit Execution – Reporting
    • Independently identifies meaningful control gaps and develops recommendations that promote continuous improvement in risk management capabilities and the internal control environment.
    • Develops well-written audit reports that include a clear and concise summary of the scope of work performed, conclusions reached, and recommended control improvements noted.
  • Audit Methodology & Tools
    • Performs work consistent with the Company’s Internal Audit Procedures and the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF).
    • Contributes to ongoing improvements in internal audit methodology.
  • Project Management, Communication, & Reporting
    • Independently leads meetings to gather process understanding, provide audit status updates, and communicate audit results.
  • Team & Personnel Development
    • Pursues career development opportunities, including relevant training, professional certifications, and/or association memberships. Shares information gained with co-workers.
    • Maintains all organizational and professional ethical standards, including consistently upholding all Company Tenets (humility, accountability, responsibility, creativity, awareness, suitability, reliability, diversity, integrity, fun, balance, and communication).
    • Other duties as needed or required.

Qualifications:

  • 5-8 years of experience working with IT internal audit, risk and/or IT departments and performing readiness assessments or audits of business and IT functions; working in an IT GRC Compliance advisory firm preferred.
  • Experience performing IT frameworks audits and IT risk assessments (e.g. NIST, ISO 27001, FFIEC CAT), compliance (NY DFS), data privacy, process automation, cloud security and data analytics software (i.e. ACL)
  • Experience in Audit Execution, Methodology, & Tools
  • Knowledge of, and ability to consistently apply, internal auditing principles and practices.
  • Skilled in critically evaluating processes, risks, and controls.
  • Demonstrates proficiency in documenting processes, risks, and controls in narratives, flowcharts, and workpapers.
  • Moderate/Advanced Microsoft Excel abilities, including ability to perform data analysis using pivot tables, formulas, or macros. Working knowledge of other Microsoft Office applications (Word, PowerPoint, Visio).
  • Data analytics software (i.e. ACL, Alteryx).
  • Robotic process automation (i.e. UiPath).
  • Artificial Intelligence (AI).
  • Machine learning software.
  • Enterprise audit-management software (i.e. AuditBoard)
  • Project Management, Communication, & Reporting
  • Able to leverage appropriate project management tools to monitor audit execution/timelines and provide transparent status updates to audit management.
  • Capable of balancing multiple projects simultaneously through effective prioritization and multi-tasking skills.
  • Skilled collaborator capable of effective interaction, negotiation, and problem resolution with audit and business personnel.
  • Effectively able to lead meetings with team members and auditees and conduct process interviews/walkthroughs with business owners to gather needed information.
  • Demonstrates effective business acumen and judgment that is recognized by audit and business managers.
  • Able to develop, present, and assist in “selling” control improvement opportunities and business advice.
  • Demonstrates proficiency in clearly and concisely documenting audit results in workpapers, memos, and audit reports.
  • Team & Personnel Development
  • Displays a strong work ethic.
  • Ability to lead and motivate audit staff and be a “team player.”
  • Experience working in, or adequate knowledge of, industries that include asset management, lending, and/or mortgage servicing a plus.
  • Continually builds knowledge of the business and actively expands capabilities through research and focused training. Stays informed of new developments.

Education and Professional Credentials

  • Bachelor’s degree (in Management Information Systems, Information Technology, Computer Science, Accounting, Business Administration).
  • Preferred:
    • “Big 4” IT Audit experience in financial services, preferred
    • Certification as CISA, CISSP, and/or CISM – or commitment to obtaining an appropriate professional certification
    • Familiarity with the following Institute of Internal Audit Standards (IIA)
    • 3 – 5+ years of progressive Internal Audit leadership experience in a complex technology environment (Experience within IT Operations and/or IT Leadership roles within Infrastructure, Security, Application development considered a plus)
