Senior IT Auditor - New York - Financial Services
JOB TITLE: Senior Auditor - IT
DEPARTMENT: REPORTING TO: IT Audit Supervisor
KEY RESPONSIBILITIES, DUTIES AND ACTIVITIES
Summary of the position
The Senior Auditor performs a preliminary assessment of the audited activity and its internal control framework. He/she performs independent testing and analysis on specific controls in order to meet the audit’s objectives. He/she also contributes to drafting the debriefing presentation and the final report sent to Management.
Depending on the assignment, Senior Auditors may have to directly supervise one or several Auditors and may act as deputy to the Lead Auditor.
The Senior Auditor may either work independently or supervise one or several auditors.
I -Conduct of assignment
When working independently, the Senior Auditor is responsible for carrying out audit work autonomously as per the audit planning within the defined timeframes in accordance with IGE methodology and procedures and Internal Audit standards. This includes:
-To independently carry out audit planning and fieldwork, including:
-A preliminary assessment of the audited activity highlighting the related risks and controls
-Interviews, testing and analysis of the results of the controls planned in the audit program
-Assessing controls for compliance with regulations, regulatory guidance including but not limited to Federal Financial Institutions Examination Council (FFIEC) IT Examination Booklets, NY Department of Financial Services (DFS) 500, DFS 504, Gramm–Leach–Bliley Act (GLBA), National Institute of Standards and Technology (NIST), Control Objectives for Information and Related Technology (COBIT) etc.
-Assessing processes and controls within core IT infrastructure, IT operations, cybersecurity, business continuity planning and IT disaster recovery, business applications, data governance and management.
-Assessing control design, effectiveness and sustainability
-To document clearly and precisely in test sheets the controls performed and the conclusions reached
-To communicate succinctly and precisely in verbal and written communications
-To identify and report on strengths and weaknesses of the audited areas, to analyse the root causes and consequences of the identified weaknesses, to formalise possible remediation and recommendations to address the findings and to conclude on the effectiveness and efficiency of the control set-up and business practices
-To present audit conclusions to IGE management and to the management of the audited unit (debriefing presentation, final
audit report, etc.)
-To keep his/her management informed of the progress on the audit work assigned, and to escalate any issue that may impact
or delay the audit’s execution or to raise any other relevant information on the assigned audit and the risk and control
-To proactively conduct recommendations follow-ups to monitor whether adequate corrective actions have been taken prior to
closing any recommendations
-To ensure proper archiving of any supporting documentation, audit evidence and deliverables.
-To demonstrate accountability and ownership for the work assigned
II – Team management
The Senior Auditor, when supervising one or several Auditors, is responsible for:
-Training the Auditors on the audit techniques and expected deliverables
-Reviewing the work performed by the auditor to ensure that the test results and the findings are adequately documented and the recommendations are relevant
-Providing regular feedbacks to the Auditor and contributing to the definition of objectives and to the end of assignment assessment related to the team allocated during assignment
-Ensuring collaborative and productive relationships within the team and good coordination throughout the International Network and with auditees
III – IGE Continuous improvement Program / Transversal topics
The Senior Auditor contributes to the continuous improvement of IGE methodologies and processes. As part of her/his
-Prepares or updates audit guides, scorecards or training materials related to specific activities based on existing
knowledge, documentation, interviews, etc.
-Monitors the implementation of recommendations issued
-Builds and shares knowledge (e.g. through contributing to SynerGIA, delivering training or taking part in various Methods
and Support workstreams or assignments)
-Participate in one or several knowledge communities within IGE
The Senior Auditor is regularly trained on banking and regulatory matters and must always maintain a sufficient knowledge of the audited area she/he is responsible for. She/he must complete all the mandatory trainings within the defined timelines.
Management and Reporting
Direct reporting line to the IT Supervisor
During an assignment the Senior Auditor reports to the Lead Auditor in charge of the assignment or to another Senior Auditor depending on the organisation of the assignment
Role specific requirements
This role may require business travels in any relevant locations to conduct the assigned audits, for periods up to several consecutive weeks.
Auditors must comply with the CACIB Audit Charter, in particular the five fundamental ethical principles (integrity, objectivity, confidentiality, expertise, and transparency) and all other locally applicable regulations.
KNOWLEDGE AND SKILLS
-Bachelor or Masters’ degree in
accounting, business, finance,
engineering or related field
-Industry recognized certification
(CPA, CIA, CISA, CISSP, ACAMS)
-3-5 year experience in audit (internal
/ external) or banking organization or
-Previous experience in a bank
Specialist Training Required:
-Proficiency in Word, Excel and
-Verbal and written communication
-Ability to deliver under time pressure
-Fluent in English
-Accountability and ownership
-Ability to work in multi-disciplinary
and multicultural teams
Skills & Knowledge Requirements:
-Understanding of the risks generated
by banking / securities activities
-Specific skills/knowledge on IT and IT
-Ability to perform basis coding in
-Ability to perform data analytics using
spreadsheets, databases, Python,
-Familiarity with commonly used tools
such as ServiceNow, vulnerability
scanners and penetration testing
Any specific skills knowledge in using
core IT systems of the Bank
(understanding of the data production,
analysis of the results)
If you are interested in this role- please send your CV to firstname.lastname@example.org or call
0041435083095 to discuss the full details.