Senior IT Auditor - TOD/TOE

Senior IT Auditor

Location: Dallas, TX

Contract

Right now it s 2 days on site and 3 days remote but come June or July it might go to 5 days a week on site so they must be o.k. with that.

Looking for someone that has experience doing real audits

Experience developed IT programs

Experience with TOD and TOE

Proficient in Excel

SQL would be a huge

Experience with COBIT and NIST

Security controls review

Someone who has Audit a cloud or Saas would also be helpful

Experience with Penetration testing for a security audit

If they have some type of GRC background that would be good

Lennar is one of the nation's leading homebuilders, dedicated to making a positive impact and creating an extraordinary experience for their Homeowners, Communities, and Associates by building quality homes and providing exceptional customer service, giving back to the communities in which we work and live, and fostering a culture of opportunity and growth for our Associates throughout their career. As a recognized Fortune 500 company and consistently ranked among the top homebuilders in the United States, Lennar strives to be a leader in innovation and excellence.

The Senior IT Auditor conducts audits of the information technology control design and effectiveness in accordance with information technology & security standards; Control Objectives for Information and Related Technology (COBIT); and/or International Organization of Standards (ISO). This role manages audits, projects, activities, and remediation plans to mitigate information technology and security risks within LTS. Additionally, it assesses the information technology control environment and recommends enhancements and improvements to control activities, measures, and routines.

Main Responsibilities:

• Conducts internal, information technology audits and rigorous control self-testing programs to ensure controls are designed adequately and working effectively to mitigate information technology and security risks within agreed policies, procedures, standards, and risk limits.
• Audits, assesses, and ascertains that controls and processes are in place to ensure that information technology risks have been adequately managed and in line with business priorities.
• Serves as a subject matter expert on information technology policy, standards, and framework and proactively bridges the gap between control requirements, technical issues, and business risks.
• Proactively researches changes in the industry, information technology governance, and external risk compliance landscape.
• Ensures information technology risk management practices are embedded in the enterprise and that systems and data criticality and sensitivity are defined.
• Delivers key performance indicators on audit issue and control weakness closure rate. Conduct testing and validation of remediation action plans and enhancements to control routines.
• Engages the Enterprise Security Office as appropriate in support of security-related control testing and remediation as warranted.
• Creates and presents implementation plans approved by senior leadership.

Requirements:

Advanced understanding of business and IT strategy/processes in their area of expertise.

Strong awareness and knowledge of the following areas of information technology: cloud computing and security, governance, service management.

Ability to provide recommended actions toward the design and operation of control measures and routines to ensure compliance with information technology and security standards, polices, and applicable regulations.

Aligns solutions with IT strategy and standards.

Building skills in multiple areas.

Provides input and performs full system life cycle management activities including solution configuration; data mapping and definition, test development and execution, and system training.

Leads small projects, ensuring requirements and timelines are met.

Provides level 3 support functions.

Defines solutions in alignment with IT strategy and standards.

Application of systems analysis techniques and procedures, including consulting with users, to determine hardware, software, or system functional specifications; OR the design, development, documentation, analysis, creation, testing, or modification of computer systems or programs, including prototypes, based on and related to user or system design specifications; OR the design, documentation, testing, creation, or modification of computer programs related to machine operating systems.

Takes a creative and innovative approach to problem-solving; Actively promotes diversity and seeks to understand others' points of view.

Bachelor's Degree or Certification Required.

8 years of technical audit and/or related governance experience with working knowledge of information technology governance, information technology quality assurance, and/or information security risk assessment.

Demonstrated audit experience assessing information technology, cloud security, and related compliance and control measures.

Knowledge and experience auditing Information Technology and Cloud Security controls in accordance with Sarbanes Oxley (SOX); Control Objectives for Information and Related Technology (COBIT); International Organization of Standards (ISO), and/or other related authoritative sources and standards.

Preferred CCSP Certified Cloud Security Professional, and Microsoft Certified: Microsoft Azure Fundamentals & Solution Architect.

Strong knowledge of Information Technology Infrastructure Library (ITIL) and Service Management principles.

End-to-end project ownership.

Occasional travel for team activities and meetings.