IT Auditor Sample Job Descriptions

[Your Company Name] is looking to hire a new IT auditor to join our company. As an IT auditor, you will be in charge of ensuring the protection of system information and controls and ensuring that data and systems are not subject to breaches of security faults. The ideal candidate for this position will have previous experience in the field and be a certified information systems auditor. Your daily tasks will include evaluating systems, resolving any breaches that take place, fixing any potential issues with the security system to prevent breaches, and auditing any network problems which may arise. You will also be in charge of managing and updating firewall software and making sure that financial software is not breached. To do this, you must manually inspect the required aspects of the system, as well as keep an eye on the latest technological developments to ensure that no security faults have been discovered. If this position is of interest to you, please apply to join our team.

Typical duties and responsibilities

• Conduct audits and assesses appropriate solutions to complex problems
• Identify risks and controls of the IT department 
• Identify areas of improvement
• Perform and document audit findings 
• Provide recommendations from assessments
• Audit computer systems to minimize risks
• Participate in technology audits and technology project reviews 
• Maintain and revise existing compliance programs 

Education and experience

This position requires a bachelor’s degree in business administration, information technology, finance, information systems management, or another relevant field. CISA or CISSP certification is a plus.

Required skills and qualifications

• Strong teamwork and interpersonal skills
• Proficient in finding creative solutions to complex problems
• Excellent verbal and written communication skills
• Detail-oriented and analytical thinker 
• Proficiency in Microsoft Office Suite and other applications 
• Ability to identify, assess and advise on risks for technology projects

Preferred qualifications

• Bachelor’s degree in Information Systems, Accounting or Finance
• 1+ years of system auditing and programming analysis experience
• Knowledge of basic audit standards and processes, systems design, system operations, end user computing technologies, and audit software

Position summary

This position will lead and participate in audits and consulting projects, under the oversight of the Chief Audit and Ethics Officer, with the objective of analyzing and assessing the District’s enterprise technology (ET) infrastructure and cybersecurity. Works both autonomously and with the internal audit team to execute risk-based internal audits utilizing agile auditing principles. Serves as the internal audit team’s subject matter expert (SME) in identifying ET and cybersecurity risks and recommendations for management to strengthen operations. Builds and maintains relationships within the internal audit team and other departments.

Education, training and experience

• Bachelor’s Degree in Computer Science, Management Information Systems, or another Business-related field is required
• 4+ years of experience in ET related position required
• 2+ years in internal or external auditing preferred
• Prior knowledge and experience in the following areas is preferred but not required
• Applying IT and Cybersecurity control frameworks including CIS 18, NIST, COBIT, ISO 2700
• System and software applications and related controls including Active Directory, SAP(ERP) roles, and profiles
• Data analysis and visualization tools such as ACL, MS Office, MS Business Intelligence, SAP, SAC
• Networking infrastructure and data center designing including Cloud
• Industrial computer control systems and devices including IoT, Programmable Logic Controllers (PLC)
• Agile project development and/or agile auditing principles
• Institute of Internal Auditors (IIA) International Professional Practices Framework

Licenses and/or certifications

• Certified Information Systems Auditor (CISA) or
• Certified Information Security Manager (CISM or
• Certified Information Systems Security Professional (CISSP) or
• Acquire certification within 3 years of beginning employment

Essential duties & responsibilities

• Plans, leads, and executes risk-based ET audits and consultation projects within a team based agile auditing approach using established internal and ET auditing standards
• Participates as the ET SME on team based operational, compliance, and financial audits
• Builds relationships with internal audit clients to ensure communication and delivery of value-added services
• Ensures audit documents (narratives, process flows, risk assessments, programs, workpapers, etc.) and reports, with minimal revisions required, capture the procedures performed, support conclusions reached, identify internal controls and control weaknesses, and provide value-added recommendations
• Delivers reports to communicate observations, issues, risks, and recommendations
• Assists the Chief Audit and Ethics Officer with the internal audit department’s annual audit plan and ET risk assessment
• Serves as a subject matter expert consulting management by providing direction and feedback outside of normal audit procedures
• Conducts and/or provides assistance in investigations related to ethics, fraud, and/or other issues
• Accountable for other duties as assigned

Core competencies

• Customer Focus
• Employees & Teamwork/Diversity & Inclusion
• Integrity/Excellence
• Public Service/Environmental Stewardship
• Safety

Summary

The IT Auditor works with internal audit, business and IT Management to plan and perform basic to complex internal and enterprise-wide IT, operational and regulatory audits. This responsibility includes performing internal audits of the development life cycle, cyber security procedures and third party risk management. Additional responsibilities of the IT Auditor include: Identifying control deficiencies, assessing exposure and significance, proposing cost effective recommendations, and preparing internal audit reports reflecting the results of the work performed. Our IT Auditor may also perform follow-up on the status of outstanding audit issues.

Responsibilities

• Conduct IT risk assessment by understanding business objectives, internal controls, enabling technology, and IT infrastructure
• Perform audit work over various technologies utilized by the company and various IT functions. Assess both the design and operating effectiveness of internal controls
• Prioritize and assist in scheduling audit tests to be performed, and interact with auditees to obtain the necessary information
• Contribute to identification of department operational efficiencies and changes in auditing operations
• Evaluate controls designed to prevent or detect fraud, including management override of controls
• Prepare and present findings as needed
• Communicate audit results and recommendations both orally and in writing to the management
• Schedule and conduct presentations at meetings with auditees and management as needed
• Participate in audit teams and department committees
• Acquire additional knowledge of regulations and emerging technologies
• All other duties as assigned

Education requirements

• Bachelor’s degree preferred, high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.

Basic requirements

• 2+ years experience of experience in information systems auditing
• Ability to travel
• Excellent analytical skills
• Ability to resolve problems and make decisions independently
• Excellent verbal and written communications
• Skilled in operating personal computer and various software packages (Microsoft Office, Outlook, Excel, etc.)
• Experience with ACL, Power BI, or other data analytics software preferred

Preferred requirements

• CRISC, CISA, CISSP, CRISC, CIA, CISM, CGEIT, or other relevant certification
• Knowledge of FINRA, SEC, and compliance rules and regulations
• Knowledge of cybersecurity and IT infrastructure
• 2+ years previous financial services industry or audit experience

ABC Company has an opportunity for a IT Auditor for one of our top clients. The successful candidate will be reviewing the audits that are sent over before they are delivered to the auditors. They will also be responding to the audit queries, trying to understand what they are asking for, and ensuring the audits are correct.

Here are the details:

• Position: IT Auditor
• Location: (City, State) (100% Remote)
• Rate: Negotiable
• Duration: 6 Months – C2H

Responsibilities:

• Interacting with different folks to get artifacts and engage teams and stakeholders
• Help ensure regulations for technologies
• Control testing/framework (Version 4 or 5)
• Working with Auditors

Must haves:

• 5-7 years of IT Auditor experience or some sort of expert knowledge around Auditing
• IT Auditor
• 2ND Line Tech/operation Risk roles
• Strong technical background, supporting the regulations for technologies and understand the artifacts in which are being audited.
• Should have exposure to the following technologies – ITIL, SQL, and Access Management
• Must understand the SDLC process and have worked in that type of environment
• Some sort of Audit certification ( Ex. CISA) OR CISSP ( Security Cert)

Nice to haves:

• Capital Markets knowledge
• Information Security experience