International Bank is seeking an VP, IT (Information Technology) Audit. The role is primarily responsible for executing and project managing assigned audit engagements with minimal supervision and in adherence to department standards, which are based on applicable regulations and internal/external professional practice expectations. This may involve supervision of the execution of assigned audits, including planning, fieldwork, reporting, and issue tracking and follow-up. The position is responsible for internal partner management and the supervision of and accountability for the quality of and judgment calls in audit work. It is also responsible for staff management on individual audit engagements.
- Perform all assigned IT audit activities for specific USAO audit engagements (either as a team leader for IT Audit-led engagements, or as part of business audits where IT Audit is a contributor). In this capacity, the VP of IT Audit is expected to assess the state of governance, risk management and internal control (GRC) processes to identify internal control gaps or weaknesses related to key IT risks (including awareness of risks both within span-of-control as well as enterprise-wide).
- Directly perform all phases of the internal audit process, including control test work and documentation, or direct other USAO team members to perform audit work as well as reviewing/providing feedback to them on their work to ensure the collective IT audit work meets the expectations of our USAO function. Specifically, the position will be assigned to assess the GRC processes of the Bank’s Information Technology (including Information Security) Group, including general controls, technology infrastructure (Network, DB, Servers/OS, and Data Centers), disaster recovery, applications controls, SDLC and pre and post implementation assessments of new business initiatives where Information Technology is a key component.
- Demonstrate seasoned analytical and critical thinking skills in assessing the Bank’s GRC processes, inclusive of enterprise and emerging risks, for the areas assigned to audit (or perform other assurance activities of, including issues tracking and validation, continuous monitoring, auditable entity/key project/key IT application risk assessments, etc.)
- Be able to provide both a “Big Picture” (i.e., a “thematic”) assessment of the GRC processes as well as to elaborate on the details supporting the high-level assessment. The result of the execution of the assigned IT audit activities will require a root-cause analysis of the factors that led to the identification of internal control gaps or weaknesses. The position must report results of audit work in an effective and timely manner, leading to appropriate remedial action and ongoing management of risk.
- With minimal supervision, be able to draft audit findings, actively and promptly discuss them with management, and provide the final product to Auditor-in-Charge (AIC) or Senior Vice President for incorporation into final audit report, inclusive of audit issue rating(s) and related recommendations, and audit report rating(s), as relevant. When presenting internal control gaps or weaknesses identified in the course of the audit activities to Bank management, be able to advise management on the adequacy, sufficiency, effectiveness and sustainability of the corrective actions (SMARTS action plans).
- Demonstrate positive influence on management to advance the internal control environment for IT through credible challenge and the identification, reporting and tracking of high impact risk issues that align with industry best practices and regulatory requirements and expectations for the areas of expertise. Therefore, an understanding of relevant regulatory expectations is essential to execute the audit engagements. As relevant, contribute with the Third Line of Defense’s assessment of management’s plans to respond to regulatory issues and inquiries.
- Effectively manage partner relationships to a mutually accountable, productive, encouraging and trusted level.
- Adhere to the Internal Audit methodology in place. Minimize Quality Assurance comments, (and address QA findings promptly). Act as a leader and role model to assist USAO management to implement process improvements stemming from QA reviews.
- Bachelor’s degree or advance degree from a 4-year college or university. Master’s degree in Information Technology or related are a a plus.
- 10-12yrs’ of relevant work experience in the financial industry and related markets. Corporate Functions Technology (Risk, Treasury, Finance, Human Resources) experience preferred.
- Outstanding verbal and written communications skills.
- Active professional certification(s) in public accounting, or internal auditing required, especially CIA, CISA, CISSP, CISM, CGEIT, CRISC.