The Function Purpose
The Senior IT Auditor will play a critical role in planning, executing, and reporting on complex IT audit engagements, with a focus on identifying risks, evaluating IT controls, and ensuring compliance with regulatory and industry standards. Senior IT Auditor will be responsible for providing actionable insights to strengthen the organization’s IT governance, risk management, and internal controls.
Main Responsibilities
- Support the IT Audit Manager and IT Audit Director in conducting the annual IT risk assessment by identifying, evaluating, and prioritizing IT risks.
- Contribute to the development of the Annual IT Audit Plan by providing insights into high-risk areas, emerging IT threats, and regulatory requirements.
- Lead and execute IT audit engagements, including planning, fieldwork, control testing, and reporting, under the direction of the IT Audit Manager.
- Evaluate the design and effectiveness of IT controls across infrastructure, applications, cybersecurity, data management, and IT governance frameworks.
- Perform technical control assessments in key areas such as Information security (e.g., access controls, endpoint protection), Network and infrastructure management, Cybersecurity and incident response, Business continuity and disaster recovery, IT operations and service delivery, Application controls and system development lifecycle (SDLC), Cloud computing, outsourcing, and third-party risk management.
- Conduct audit testing to validate the design and effectiveness of IT controls and compliance with internal policies and regulatory standards.
- Perform root cause analysis for control gaps and weaknesses, ensuring that findings address underlying risks effectively.
- Ensure all audit findings are evidence-based, well-documented, and aligned with audit methodology and professional standards.
- Prepare clear, concise, and factually accurate audit reports, summarizing observations, risk assessments, and actionable recommendations for review by the IT Audit Manager.
- Conduct follow-up activities to ensure that management implements corrective actions for audit findings.
- Collaborate with other internal audit teams to support integrated audits and provide IT-specific expertise for financial and operational audit engagements.
- Provide mentorship, guidance, and training to Junior IT Auditors to enhance their technical knowledge, audit skills, and overall proficiency.
- Foster a culture of continuous improvement within the IT Audit team, promoting the use of data analytics and innovative audit techniques.
- Build strong relationships with IT and business stakeholders to promote a collaborative approach to risk management and control improvements.
- Continuously monitor advancements in technology, emerging IT risks, regulatory changes, and industry best practices, ensuring the IT audit function remains forward-looking and relevant.
- Provide insights into emerging IT risks, such as cybersecurity threats, data privacy concerns, and cloud computing risks, to enhance audit coverage and risk mitigation strategies.
Background
- Bachelor in Computer Science, Cybersecurity, or related field.
- 4+ years of experience in IT auditing.
- Professional certifications: Mandatory: CISA, Preferred: CISM, CRISC, CISSP, or equivalent.
