Director of IT Internal Audit

Job Title: Director of IT Internal Audit

Job Location: Chicago preferred with a hybrid 2-3 work schedule

Department: Internal Audit

Supervisor: Chief Internal Audit Executive

About Old Republic:

Old Republic International Corporation traces its beginnings back to 1923. Old Republic is one of America’s 50 largest shareholder-owned insurance businesses and currently ranks among the Fortune 500 list of the Nation’s biggest companies. Old Republic is primarily a commercial lines underwriter serving the insurance needs of a large number of organizations, including many of America’s leading industrial and financial services institutions.

Located on Michigan Avenue, in the heart of downtown Chicago (“The Loop”), the Old Republic Building (Headquarters) is close to several public transportation lines and parking locations. We are located at 307 N Michigan Avenue, Chicago, IL. This is a hybrid position.

Position Summary:

The Director of IT Internal Audit is responsible for leading an IT Internal Audit function that provides Old Republic International (ORI) management with reasonably independent, objective assurance and consulting services as requested by management and/or as needed to support the Audit Committee in the discharge of its responsibilities. The Director of IT Internal Audit is responsible for ensuring the services provided by IT Internal Audit bring value to the Company, assist the Company in achieving its goals by improving the effectiveness of its operations and control activities, supporting management in meeting its Sarbanes-Oxley and external audit requirements, and supporting management in its IT security responsibilities.

Essential Duties and Responsibilities:

• Leads and coordinates the IT portion of the risk assessment process ORI wide, including leading discussions with subsidiary operating center (SOC) management, reviewing risk assessment results, and presenting the results to ORI Senior Management and the Audit Committee.
• Develops the ORI wide IT audit plan, including identifying audits for inclusion in the plan based on risk assessment results, emerging risks, system changes, considering management requests for audits and assistance, and presenting the plan to ORI Senior Management and the Audit Committee for approval.
• Leads and coordinates the execution of the IT portion of the audit plan by performing audit work, allocating time for each project included in the plan via assigning staff and scheduling projects, participating with the staff in the planning and scoping for each project, designing audit programs, monitoring the staff’s progress on assignments, reviewing the staff’s work, participating with the staff in meetings with clients, managing timelines and budgets, and reporting results.
• Participates in the timely execution of the audit plan by:
• Interviewing Company personnel and assessing the design of processes and controls to ensure they meet the control objectives established in the Company’s Internal Control Policies and Procedures (ICPPs) and relevant IT frameworks.
• Analyzing data and performing tests to evaluate the effectiveness of information technology controls and processes.
• Analyzing data and performing tests to detect fraud and verify compliance with laws and regulations, compliance with management policies and procedures and relevant IT frameworks, and existence of assets.
• Documenting testing, summarizing results, and drafting Internal Audit reports with recommendations to management for improvement.
• Fosters a strong collaborative relationship with IT leadership that includes consulting with IT in the development of IT policies and procedures, consulting and coordinating with IT in the use of outside consultants, and regularly participating in ORI wide IT leadership meetings.
• Develops a role as a trusted advisor to management.
• Acts as a subject matter expert.
• Coordinates and monitors Internal Audit participation in IT system development projects.
• Coordinates ORI wide participation in the IT portion of the Company’s Sarbanes-Oxley compliance effort and support for the external audit for IT general controls, IT application controls, and report validation, including planning and coordinating with management, the Director of Financial Reporting, and the external auditors; monitoring the staff’s progress on completing test work; reviewing the staff’s work; reporting the results to management and the Director of Financial Reporting; and assessing deficiency impact.
• Prepares the Internal Audit status reports along with the other Old Republic Internal Audit Directors for presentation to ORI Senior Management and the Audit Committee.
• Supervises the development of the IT audit staff by providing clear expectations, regular feedback on performance, reviewing the staff’s work on individual assignments, and ensuring staff is provided with adequate and appropriate professional development opportunities.
• Leads initiatives such as updating of Internal Audit department policy and procedure manual or improve the efficiency and effectiveness of the Internal Audit department training.
• May travel up to 30%.

Qualifications and Skills:

• Bachelor's Degree in information systems, technology and/or business related area of study.
• Minimum 10 years’ experience in IT audit, in either internal audit, public accounting, or consulting with experience leading an IT audit function. Experience in a public company and insurance preferred.
• Minimum 4 years’ experience leading and developing high-performing teams and managing direct-reports (personnel)
• Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) certification required. Other non-IT certifications such as Certified Public Accountant (CPA), Certified Internal Auditor (CIA), and/or Chartered Property Casualty Underwriter (CPCU) are beneficial but not required.
• Compliance Frameworks: Familiarity with various regulatory compliance standards and frameworks such as ISO 27001, NIST, COBIT, OWASP, ITIL, NYDFS, NAIC, CCPA, and PCI.
• Language Skills: The Director of IT Internal Audit should be able to read with a basic level of understanding common accounting and auditing journals, and financial reports, should be able to respond to inquiries from clients, should be able to lead meetings with clients and the external auditors, and should be able to communicate effectively in writing. The Director of IT Internal Audit should be able to make presentations to large groups.
• Mathematical Skills: The Director of IT Internal Audit should be able to calculate figures and amounts such as discounts, interest, commissions, proportions, percentages.
• Reasoning Ability: The Director of IT Internal Audit should be able to identify problems, gather relevant information, identify appropriate conclusions, and provide recommendations. The Director of IT Internal Audit should be able to understand and follow verbal instructions, understand the relationship between audit objectives and audit procedures, and understand the relationship between walkthrough results and testing procedures.
• Demonstrates situational awareness and ability to identify and prioritize tasks in advance of explicit direction.

Our Culture, Operating Philosophy, and Institutional Memory, which embodies our collective spirit include:

· It starts with “we” — we have each other’s back.

· We act with integrity — we are trustworthy and honest.

· We are inclusive — we listen to and respect others’ points of view.

· We communicate in an open, clear, consistent, concise manner — we tell it like it is.

Old Republic International “ORI” is an Equal Opportunity Employer. ORI provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.