Information Systems Auditor

Information Systems Auditor

Position Purpose:

The information systems (IS) auditor serves as a trusted resource when assessing internal systems and controls, and is a key point of contact with external examiners. The IS auditor works under general supervision alongside cybersecurity teams to identify and verify risks to systems and data, and ensure teams are cognizant of any deficiencies and working toward addressing findings and recommendations. An IS auditor understands security risks and technologies and can effectively communicate them to business units. In addition, the IS auditor evaluates risk according to best practices, as well as compliance mandates, and provides detailed reports from assessments. When external examiners conduct engagements, the IS auditor is a primary point of contact and facilitator to ensure teams are abiding by safe computing and administrative procedures.

In this position, the IS auditor will regularly review, evaluate, and verify controls, and then document and report based on the state of the engagements. The IS auditor uses key risk indicators and IT general controls (ITGC) when assessing system design, data privileges/access and the entire supply chain related to a business system. The results and reports are shared with internal audit and risk teams, and leadership responsible for the audit outcomes. IS auditors also follow up and verify appropriate actions have taken place.

Essential Functions and Responsibilities:

1. Work closely with audit and security leadership to ensure cybersecurity and audit policies and practices as defined in global and industry standards are aligned with an appropriate level of risk.
2. Retain expertise in one or more compliance standards, including Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI), National Institute of Standards and Technology (NIST) and International Standards Organization (ISO) 27001.
3. Coordinate with stakeholders and gather technical details for documenting business cases to be presented to clients.
4. Enforce a strong security culture mindset set forth by risk management, ensuring uniformity across technical teams, business units and employees.
5. Engage with critical third parties and validate adequate controls are in place.
6. Remain up to date on security threats, vulnerabilities and mitigations set forth by IT and security teams to reduce the corporate attack surface.
7. Recommend information security improvements by assessing current situations, evaluating trends, and anticipating requirements.
8. Conduct architecture reviews and identify where security controls must be implemented.
9. Persuade IT and security teams to adopt cybersecurity controls.
10. Serve as a point of contact and liaison with external examiners.
11. Stay abreast of new laws, regulations, and standards, and assess their impact to the business.

The above statements are intended to indicate the general nature and level of work being performed by employees within this classification. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of employees assigned to this job. Employees in this job may perform other duties as assigned.

Requirements

Minimum Job Requirements (Education, Experience, Skills):

• Bachelor’s degree in Information Security or Computer Engineering / Science preferred
• At least 5 years’ cybersecurity experience.

• CISA certification required.
• Strong written and verbal communication skills across all levels of the organization.
• Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and security-first culture.
• Project management, multitasking and organizational skills.
• Demonstrated ability to interact with all levels of the organization.
• Strong follow-through and ability to complete tasks on schedule.
• Strong focus on customer service to internal departments and external clients.
• Strong organizational skills with the ability to multi-task.
• Strong verbal and written communication skills.
• Technical curiosity and ability to effectively function in a fast paced and constantly changing environment.