Position Summary:
The Senior Technical IT Auditor reports to the VP/IT Audit Manager within
the Internal Audit department. The Senior Technical IT Auditor�s primary
function is to perform independent information technology audits of the
bank�s technology and banking applications in accordance with the annual
IT Audit Plan. The Senior Technical IT Auditor will have the opportunity
to work independently as well as in teams. The Senior Technical IT
Auditor will be expected to work together with financial and operational
auditors to conduct integrated audits of the bank�s key transaction
systems. This is a customer facing position which requires extensive face
time with auditees (customers), therefore the Senior Technical IT Auditor
must have the ability to effectively interact with all levels of bank
personnel. The Senior Technical IT Auditor must establish the competency
to consistently exceed customer expectations of the value that Internal
Audit delivers.
The Senior Technical IT Auditor must stay current with banking industry
trends across lines of business to enable Internal Audit to be proactive
toward the bank�s ever-changing business risks. Proactively stays abreast
on regulatory requirements impacting the bank�s system of internal
controls. Uses automated auditing utilities, tools and techniques to
efficiently review systems, extract and analyze data (Visio, ACL, Access,
Monarch, network assessment tools, etc.). May provide training/guidance
to less experienced auditors.
Primary Duties:
1. Plan and complete assigned technology related audits in a professional,
diligent and efficient manner
2. Identify technology related risks and evaluate the business impact
3. Function as an Internal Audit champion when interacting with Computer
Technology Services (CTS) personnel and with personnel in user departments
4. Establishing and maintaining strong customer relationships with
internal and external customers, managers and staff throughout the bank to
establish credibility as a valued technology/business advisor from a
security and controls perspective
5. Learning and understanding the business of CTS in order to provide
value added services
6. Evaluate technology-enabled business processes, identify weaknesses and
provide suggested solutions to strengthen internal controls and achieve
operating efficiencies
7. Verify the functioning of complex existing computer systems by
reviewing specifications and performing testing of transaction to ensure
the application controls are adequately designed and operating effectively
8. Function as a thought leader in the areas of security and controls of
technology and business applications
9. Leverage principles of COBIT (Control Objectives for Information and
related Technology) when conducting IT audits
10. Develop audit reports, which articulate risks (business and
technology), impact on the bank�s internal control structure, and value-
added recommendations/solutions/action plans. Include in report the audit
scope, objectives, executive summary and detailed observations and
recommendations
11. Perform follow-up reviews as necessary to determine whether
deficiencies are corrected. Report to senior management
12. Participate on special projects as requested
13. Ensure that all work is performed in accordance with department and
professional standards/procedures
14. Proactive communication with IT Audit management regarding personal
progress on assignments
Critical Skills/Competencies:
� Excellent verbal and written communication skills
� Ability to effectively present recommendations to all levels of
management
� Strong analytical skills with creative approach to problem solving
� Ability to think �out of the box�
� Strong customer focused mentality
� Strong background in auditing techniques and/or computer control
environments
� Strong interviewing skills
� Research and resolve issues using analytical, interpretive and
imaginative thinking
� Initiative and drive to perform research of new/emerging technologies
� Ability to manage multiple assignments simultaneously
� Ability to communicate highly technical issues to non-technical audiences
� Thorough, diligent, detail oriented documentation skills
� Maintain and promote a professional image of self, department and the
bank
� Demonstrate an objective, helpful outlook that positively influences own
performance and the performance of others
� Provide training and ongoing assistance to financial auditors
� Attend seminars and training classes and participate in professional
organizations
Technical Requirements:
Excellent understanding of concepts related to information systems audit
as it relates to mainframe, AS/400, HP 9000, Novell NetWare, Windows NT,
business continuity planning, computer operations, information security,
VPN, firewalls, electronic commerce, telecommunications, network security,
database management systems, system development and project management
practices.
Education, Knowledge and Prior Experience:
� Masters or Bachelors of Science, Masters or Bachelors of Business
Administration in Accounting, Computer Science, Management Information
Systems or related field � dual degree program or combination of degrees
preferred
� 5 + years experience, IT Audit, security and controls consulting, risk
management or Internal Audit
� Public accounting experience preferred
� Financial Services experience preferred
� Professional certification such as CISA, CISSP, CPA, and/or CIA preferred
� Must be very familiar with accounting and control practices as well as
possess a broad understanding of business operations, analytical
techniques and professional standards
� Must have a firm understanding of management concepts and practices and
principles of internal control
