Technical Audit Specilist

This position offers the opportunity to analyze end-to-end IT & Security service operations and the complex tools and applications that enable them while keeping your knowledge paced with emerging technology and industry trends in cyber security. In addition, you will review and analyze IT governance processes and develop and perform continuous auditing techniques leveraging data analytics to provide ongoing coverage for the Audit Committee of the Board of Directors and Senior Management. The role offers the unique opportunity to assess and help improve the control environment, upskill, and coach less technical auditors on the team, with a focus on delivering risk-based assurance and advisory audit services.

As a Technical Audit Specialist, you would receive: Diverse assignments in key IT service, technology, and security areas. Progressively challenging assignments in high and emerging risk areas such as cyber, public cloud, DevSecOps, acquisitions, etc. Opportunities to leverage data analytics and AI technologies throughout the audit process. Approximately 40 hours of continuing professional education each year, including training in technology, auditing and personal development skills.

MAJOR ACCOUNTABILITIES:

• Demonstrate the ability as a self-starter by working independently by applying the departments' audit methodology in a team environment to maximize performance.

• Effectively interface with 1st and 2nd lines of defense, including various levels of management, and have a working knowledge of effective governance processes for critical IT areas.

• Further technical knowledge and demonstrates a strong understanding when completing assigned work related to emerging technology risks for existing and new technology implementation efforts.

• Participate in key phases of the audit from planning to reporting, including understanding the technologies under review, how IT enables business operations, scoping the audit, identifying risks and controls, designing and executing testing with minimal oversight, and assisting with audit report writing.

• Examine key operational and information technology/security processes, leverage critical thinking skills to identify risks and ensure appropriate controls have been designed, and develop corresponding test procedures.

• Identify value-added improvement opportunities and control enhancements, and effectively communicate audit issues and valuable recommendations in both technical and non-technical terms to Operational and IT management.

• Demonstrates increased technical understanding of data analysis concepts and practices, including writing/QA’ing scripts, and leveraging AI to assist as needed to source data.

• Working knowledge of industry cyber frameworks/guidance (e.g., NIST CSF, CIS Critical Security Controls, etc.) as well as cyber regulations (e.g., NY DFS, etc.) and an ability to assess against them.