IT Audit - Officer

• Information Technology, Infrastructure and General Controls Audit Team

This role is part of the IT Infrastructure and General Controls Audit Team. This Audit Team will audit State Street's data centers, networks, operating systems, cybersecurity and key IT general control processes.

Information Technology Senior Auditor, Infrastructure

The IT Senior Auditor will be part of the IT Infrastructure and General Controls Audit Team.

The IT Senior Auditor will have technical knowledge in Internet Security, UNIX, infrastructure, workstations, cybersecurity, networks Servers (Windows NT, Novell), network devices (routers, switches, firewalls) and network management (load balancers, firewalls, IDS/IPS, VPN, VOIP, etc.).

This role will audit and review networks/systems, corporate security policies, systems and network architectures, documentation review and development, vulnerability assessments and security testing and evaluation.

The IT Senior Auditor will participate in the performance of audits, specifically focusing on fieldwork and testing the internal control environment and in the reviews of information technology processes and controls.

The IT candidate should clearly demonstrate proficiency in evaluating and testing internal controls and in applying audit skills.

The IT Senior Auditor will complete audit work papers and memoranda by documenting audit tests and findings in an automated Audit Workpaper program.

The IT Senior Auditor will communicate audit progress and findings by preparing reports and providing information in meetings. .

The IT Senior Auditor applies skills using the Division methodology.

He/she can be relied upon to independently perform technical portions of an audit in accordance with Corporate Audit Department and Institute of Internal Auditor standards.

He/she may serve as an in-charge auditor on assignments within his/her area of technical expertise and provides technical consultation to audit and line staff.

Qualifications:

BS/BA preferred in Computer Science or Information Technology or related field.

Must have a CISA or be willing to take the CISA exam within 1 year.

A CISSP, CIA, CPA, CFE, CAMS a plus.

Technical skills would include:

Database (Oracle[12 and VLDB/Exadata], MS SQL, Hadoop, Sybase, DB2)

Enterprise security products (AD, LDAP, Siteminder, Ping) Tools (Qualys, ISIS, Spiceworks) Add-Ons (Quest, Symantec CSP, Cisco NCM)

Network Skills (load balancers, firewalls, IDS/IPS, VPN, VOIP, etc

Experience with:

Large scale enterprise with diverse infrastructures

Design and architecture experience over day to day support

Responsibility to design implement and maintain security of the products over operational support.

The individual in this position generally has five plus years of highly specialized technical experience and clearly demonstrates proficiency in applying that experience to evaluate and test internal controls in audits of a highly technical nature which cannot be covered by the general audit staff.

Previous work experience in information technology audit or technology area.

The candidate must have strong communication skills, both verbal and written, and be able to research industry regulations when necessary.

Travel:

The IT Senior Auditor will travel to State Street offices globally up to 20 % annually.