Stan Hamlet Associates Inc.
60 E. 42 Street, Suite 4600, New York, NY 10165
IT Audit Senior
IT Audit Senior
Salary: Commensurate with experience.
The position will be responsible for leading and executing IT audits of critical systems & infrastructure and continuously monitoring and reporting on the operating effectiveness of the Company's general IT controls. The role will also include participation on financial, operational and compliance-oriented reviews. The position will report to the Vice President of Internal Audit (IA), Director and to the IT Manager of IA.
- Perform control reviews that include processes related to: system development standards, operating procedures, system access security and control, program change management, backup and disaster recovery, and system maintenance.
- Assist with all activities related to the Company's IT component of Sarbanes-Oxley Section 404 certification including:
- Risk Assessment
- Control Documentation and Remediation
- Control Design
- Testing of Operating Effectiveness
- Policies and Procedures
- Administration of Self-Assessments
- Constructively work with management to: identify areas for improvement, collectively agree upon appropriate corrective actions, facilitate remediation efforts, and monitor progress to ensure that the Company is timely addressing and remediating significant deficiencies and/or material weaknesses and deficiencies that jeopardize the achievement of its objectives.
- Work with Manager, Internal Audit to assist key IT personnel in documenting both existing and newly created policies and procedures using established Company standards.
- Assist with the administration of the Company repository for key IT controls documentation related to design, operating effectiveness and management control accountability.
- Prepares detailed plans for performing individual audits including the identification of key risks and controls, determination of audit objectives, and development of an appropriate audit program.
- Assist in the development and maintenance of appropriate testing strategies and test plans to enable management to assess the operating effectiveness of key IT general controls impacting financial
- Prepare written draft audit reports for IT senior management.
- Interact with senior levels of management (CIO, CFO, Controller, etc.) to communicate audit risks, issues and related corrective actions.
- Maintain and develop computerized audit procedures and assist the financial/operational audit teams with requests to appropriately format, manipulate, and analyze data.
- Interface with the external auditors to ensure adequate IT audit coverage and to encourage the sharing of information where practicable.
- Play an important role in the administration of the Company's control self-assessment program and various education efforts related to SOX 404, internal controls, and fraud risk management.
- Contribute to IA Department management strategy to develop, sustain, and continuously enhance the image and perceived value of the IA within the Company.
- Perform non-IT related operational, financial and compliance audits as needed.
- Assist in the development and execution of a comprehensive risk-based audit plan that evaluates the Company's risk management, internal control, and governance processes. Support the development of the annual IT risk assessment and ranking of the information technology environment, including cyber risk.
- Work with the Manager IT Audit, Director and Vice President to develop, sustain, and continuously enhance the image and perceived value of the Internal Audit Department within the Company.
- Assist in the training for department members and other relevant parties within the organization related to the effectiveness of internal controls.
- Supervise and assist in the development of other members of the internal audit group.
- Bachelor's degree in in computer science, networking, accounting, finance or a related field, or sufficient experience in internal auditing, or other field that would provide the same basic knowledge.
- CISA, CISSP, CIA and/or CPA
- 3+ years of experience auditing information systems including audit, planning, execution and workpaper documentation
- Risk management and analysis from an IT specific background
- Project management experience
- Database administration skills
- Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology
- Excellent oral and written communication and presentation skills, strong analytical skills, ability to maintain composure under pressure, and a proactive approach to problem-solving and the overall execution of job responsibilities are all essential qualities necessary to be successful in this position.
- Strong familiarity with COBIT/ISO/NIST frameworks and professional auditing standards.
- Demonstrated knowledge of Sarbanes-Oxley, Section 404 and the Committee of Sponsoring Organizations ("COSO") Integrated Frameworks for Internal Control and Enterprise Risk Management.
- Strong expertise in one or more of the following areas of technology: Infrastructure (e.g. servers, storage, O/S), Network, Information Security, Application Development or Support, Application/Database Architecture.
- Systematic, disciplined approach to evaluate and improve the effectiveness of control and governance processes.
- Ability to multi-task, prioritize and demonstrate sense of urgency with regards to completion of tasks.
- Proficiency in advanced functions of Microsoft Excel and/or Access to develop and support data analysis and reporting.
- Ability to travel approximately 5 - 10% is required.
- Availability to work overtime as required.
Contact a Stan Hamlet Associate: 212-685-4884