Senior IT Audit Staff

As a Technology Risk and Compliance (TRC) Staff, you will focus on helping clients understand and mitigate their technology and cybersecurity risks. The TRC team’s service offerings include SOC 1®, SOC 2®, PCI, ISO 27001, HIPAA, and many other IT risk and control frameworks. You will work towards developing the fundamental knowledge and technical skills to be successful in the growing field of Information Technology Risk and Compliance services. In addition, there are numerous consulting opportunities related to assessing IT and cybersecurity risks for multi-national and local clients.

Job Description

IT Control Attestations

• Work directly with IT Audit Managers and clients to gain an understanding of the client’s IT systems, infrastructure, and control environment
• Apply that understanding to a variety of IT risk and control frameworks such as SOC, PCI, HIPAA, ISO, FFIEC, NIST, CIS Security and many others
  
  

• Understand the clients and their stakeholders to assist with an independent assessment of their IT risks and be involved with developing various types of reports and presentations to stakeholders
  
  

• Evaluate controls, including understanding the best way to test the effectiveness of controls
  
  

• Document the procedures and results of tests performed during control testing and document conclusions
  
  

• Ensure quality control procedures are being executed under direction of engagement supervisor, and perform thorough self-review of all work prior to submission
  
  

• Track time and maintain designated chargeable hours for the year
  
  

• Work is conducted in a professional office environment with minimal distractions Physical demands
• Prolonged periods of sitting at a desk and performing work in front of a computer screen for long periods of time
• Must be able to lift up to 15 pounds at a time
  
  

• Some travel is required. The TRC team meets once a year at various offices in the country
• Some client travel may be required.
  
  

• Bachelors degree in accounting, information systems, or similar with an interest in information technology
• A minimum of 1 – 2 years of related internal audit and IT audit experience
• Must have a desire to work toward achieving one or more of the following certifications:
• Certified Public Accountant (CPA)
• Certified Information Systems Auditor (CISA): ISACAs globally recognized cornerstone certification for IS, audit, control, assurance, and security professionals who control, monitor, and assess an organizations information technology and business systems
• Certified Information Systems Security Professional (CISSP): An independent information security certification governed by the International Information Systems Security Certification
• Consortium, also known as ISC², which provides security training to information assets
• Certified Information Security Manager (CISM): ISACAs certification program for those who manage, design, oversee, or assess an enterprises information security
  
  

• Experience with IT systems