IT Audit Associate
- Assist/Lead the risk assessment, scoping and planning of a review.
- Assist/Lead in executing the review, specifically focusing on the following:
- Design and execute tests to validate identified application system controls, which may require data analysis, code inspection and re-performance of system processes.
- Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
- Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
- Validate that system features meet business, technology and regulatory requirements.
- Validate the quality of internal SOX assessments.
- Document the results of the test steps executed within the IA automated document project repository.
- Assist/Lead in the report preparation.
- Assist/Lead in presenting the scope, progress and results of the review to internal, technology and business stakeholders.
- Minimum 3 years work experience, with 1 year minimum auditing experience
- Possess a degree in Computer Science, Information Security, Engineering or equivalent
- Technology skills including:
- Deep understanding of Linux and Windows operating systems, experience of batch scripting and executing standard commands
- Internet infrastructure design and installation and support of network devices and firewalls
- Cloud computing concepts, technologies, risks and mitigating controls
- Systems and security administration and configuration of servers and desktops (UNIX, Windows, directory services etc.)
- Security risks related to web, mobile, web services, and client/server architectures
- Encryption schemes (symmetric, asymmetric, and hashing) and how they may be applied in an application architecture
- Vulnerability assessment and penetration testing methodologies and processes for web, thick client and mobile applications
- Experience with Splunk and/or other SIEM platforms would be useful but not required
- Threat modelling, intelligence and incident response
- Management, monitoring and operations of technology (backups, change management, system monitoring, incident/problem management)
- Business continuity planning and disaster recovery design and implementation
- Security within the software development lifecycle
- Relevant technology standards and regulations – NIST Cyber Security Framework, FFIEC CAT, ISO 27001, GDPR, NYSDFS, data privacy rules, FFIEC IT handbooks etc.
- Data and log analysis (using SQL and Splunk) and visualisation (using Spotfire, Tableau, QlikView or other) would be useful but not required
- Relevant certification or industry accreditation (CISA, CISSP, CISM, etc.) useful but not required
- Ability to work effectively across a large audit team, understanding the team's role in the overall strategy of the firm
- Written and verbal communication skills a must; strong interpersonal skills essential. Job requires frequent interaction with technology management
- Must be able to multitask while managing both time and work load
- Must be highly motivated with strong analytical skills, willing and able to learn new business and system processes quickly