Internal Auditor (IT / Data)

Description :

Need an internal auditor to work on their IT process / compliance, as well as their internal data governance. Financial services / banking experience highly preferred / required. Full job description coming soon.

Position Summary : The IT Auditor will be responsible for independently evaluating and assessing the effectiveness of the organization's information technology systems, infrastructure, and processes. This role plays a crucial part in identifying and mitigating IT risks, ensuring the integrity, confidentiality, and availability of information assets, and promoting compliance with internal policies and external regulations.

Key Responsibilities :

• Audit Planning & Execution :

Participate in the development of risk-based IT audit plans and individual audit engagements.

• Define audit scope, objectives, and test plans for IT audits, which may include reviews of :

Information security (cybersecurity, access controls, vulnerability management)

• Network and infrastructure (servers, databases, cloud environments - AWS, Azure, GCP)
• Application controls (ERP, critical business systems)
• IT operations and service management (ITIL)
• Data privacy and governance (GDPR, HIPAA, etc.)
• Business continuity and disaster recovery
• Emerging technologies (AI, IoT, etc.)
• Execute audit procedures, including control testing, data analysis, system configuration reviews, and documentation review, to assess the design and operational effectiveness of IT controls.
• Conduct interviews with IT personnel and business stakeholders to gather information and validate understanding of processes and controls.
• Risk Assessment & Control Evaluation :

Identify and assess IT risks, vulnerabilities, and control deficiencies across various IT systems and processes.

• Evaluate adherence to internal policies, procedures, and external regulatory requirements (e.g., SOX, ISO 27001, SOC 1 / 2, PCI DSS).
• Analyze data and system logs to identify anomalies, potential security incidents, and areas for improvement.
• Reporting & Recommendations :

Document audit findings clearly, concisely, and accurately in detailed audit reports.

• Formulate practical, value-added recommendations for corrective actions and process improvements to mitigate identified risks and enhance IT controls.
• Present audit findings and recommendations to IT management and other relevant stakeholders.
• Follow-up & Continuous Improvement :

Monitor and track the implementation status of audit recommendations.

• Perform follow-up reviews to ensure that corrective actions have been effectively implemented and sustained.
• Contribute to the continuous improvement of the IT audit methodology, tools, and processes.
• Collaboration & Advisory :

Collaborate effectively with IT teams, business units, and potentially external auditors to ensure a cohesive approach to risk management and compliance.

• Stay abreast of industry trends, evolving technologies, and changes in regulatory frameworks affecting IT.

Qualifications :

• Education : Bachelor's degree in Information Technology, Computer Science, Information Systems, Cyber Security, or a related field.
• Experience : [X] years of experience in IT auditing, information security, IT risk management, or a related field.
• Technical Skills :

Strong understanding of IT audit methodologies, risk assessment techniques, and control frameworks (e.g., COBIT, NIST, ITIL).

• Knowledge of various IT systems and technologies, including :

Operating systems (Windows Server, Linux)