IT Audit Manager

IT Audit Manager



This role will have a hybrid work schedule in our Boston office in accordance with the Bank's Hybrid Work Program. More time will be encouraged in the office to support onboarding initially.



Our client is a leading provider of various forms of capital for the New England region. This bank provides funding to hundreds of financial institutions across the region and is organized as a co-operative. The organization has over 200 highly skilled, diverse, innovative, collaborative, and passionate team members.



This new role will support the VP/Senior Audit Manager Information Systems in formulating and executing the IT Internal Audit plan. The

Information Systems Internal Audit Manager will assist in the annual risk assessment and corresponding planning process, supervise the pre- and post-implementation project audits, complete SOX Information Technology General Controls (ITGC) testing and cycle audits as needed, and serve as the point of contact for co-sourcing arrangements, perform testing as well as manage the preparation of the internal audit reports. The incumbent will establish productive business relationships with Bank Technology's management team and communicate with them regarding audit results and

significant control matters. For effectiveness in this role, the incumbent must maintain expertise in the technology used at the Bank and keep apprised of related vulnerabilities and breaches.



Pre- and post-implementation project audits requires both technical expertise and a solid audit foundation. The audits are anticipated to

require creativity and agility. This role will manage the performance and development of one Senior IT/IS Auditor. Prior people management and audit leadership skills are required for success in this role.



Specific Responsibilities



- Interface directly with IT management, Enterprise Risk Management and Compliance to provide audit results and ensure compliance with

regulatory requirements, company policies and procedures and industry best practices.



- Supervise and conduct pre- and post-implementation audits. This position will have one direct report.



- Assist in the annual risk assessment and corresponding audit planning process.



- Complete internal audit testing, inquiry, observation and other analysis required to meet objectives of assigned audit projects and assess compliance with Internal Audit (IA) and industry (including IIA and CISA) standards.



- Develop working papers documenting performance of all audit work.



- Manage audits with timely completion and communicate progress and results of audit work throughout the audit engagement to auditee and

AVP/Senior Audit Manager Information Systems.



- Provide control consulting services to management to assist in efforts to mitigate risks and improve controls.



- Follow-up with BT management on Bank incidents and potential breaches to determine root cause and make recommendations for

control changes and audit plan changes if appropriate.



- Maintain an in-depth understanding of the IT business processes and the underlying technologies of the Bank's security and network

infrastructure. Keep apprised of related vulnerabilities and breaches that are reported in the media and assess and communicate to AVP/Senior Audit Manager Information Systems any concerns as they relate the Bank Technology.



- Promote new ideas and new ways of designing and executing IT audits through technology and data analytics. Enhance IT audit team access

to information to facilitate audit testing and analysis.



- Develop and manage department standards, tools, and procedures.



- Execute special assignments and other duties as assigned at the direction of the Chief Audit Officer as well as AVP/Senior Audit Manager Information Systems.

Qualifications

Education



- A degree in Computer Science, Information Systems, Business Administration, a related field or the equivalent work experience

and a CISA is expected. A relevant Master's degree or work towards an advanced degree is preferred.



Experience



- Minimum of 7 years of progressively responsible experience in IT audit or a technology role is strongly preferred. Experience in project implementation or pre- implementation audit reviews preferred. Experience within a highly regulated environment is strongly preferred.



Knowledge/Skills



- Prior experience managing performance and development of direct reports is expected. Must be able to provide leadership and guidance

to internal and co-source resources.



- Knowledge of IT Frameworks: COBIT, COSO, NIST-800-53, ISO 27001, ISO 22301.



- Demonstrated knowledge base related to controlling and securing system platforms (including Linux and Windows), database platforms

(Oracle and SQL Server), endpoint platforms, and network infrastructures is strongly preferred. Working knowledge of banking/financial services industry technology infrastructure preferred. Ability to quickly acquire and apply knowledge of changing technologies is essential.



- Sound understanding of audit process, risk-based audit methodology, risk management and advisory services.



- Able to adapt to a changing environment, meet deadlines, and handle multiple projects.



- Experience in using a risk-based audit approach in evaluations of and recommendations for management processes.



- Ability to analyze technology infrastructure, operations processes and internal controls to formulate cost-effective measures to

improve control effectiveness and efficiency.



- Able to present audit findings and recommendations in a manner that will be understood and accepted by all responsible parties.



- Able to operate PC-based software and/or automated database systems required. Demonstrated experience using Microsoft products and

TeamMate desired.

Why is This a Great Opportunity

The organization continually attracts and retains talented business professionals with specific technical capabilities. The IT Audit Manager is a new role. The desired candidate will have strong IT capabilities as well as relevant audit experience. A professional who wishes a management role with a broad scope of involvement in a complicated finance organization is going to be very excited about being considered for this role.