GENERAL SUMMARY
The role of this position is to perform IT Audits for the purpose of identifying and assessing risks, control objectives and controls in the IT environment. The IT audits include audits of applications, IT infrastructure and facilities, information security, and system development life cycle. This position reports in to the Senior Manager of IT Audit.
ACCOUNTABILITIES:
· Identifies and evaluates risks and controls.
· Applies considerable business and technical knowledge during audits and in recommendations prepared for senior management.
· Performs audits in support of the annual IT audit plan.
· Recommends enhancements to the IT audit methodology.
· Communicates results of audits and reviews both verbally and in written form.
· Participates in meetings (e.g. staff meetings, various meetings during and audits) and committees (e.g. software projects impacting the department).
· Contributes to the development of a positive relationship with colleagues and clients.
· Seeks client input and addresses their concerns in a proactive manner during all audits.
· Negotiates with clients to achieve the most optimum results possible.
· Assists in the planning, monitoring and execution of the annual IT audit plan.
· Provides guidance to junior staff.
· Acts as an advocate for IT controls.
· Researches and analyzes risk and controls associated with IT processes and technologies.
· Attends seminars and conferences, reviews professional literature.
· Performs other duties required in support of the administration and functioning of Internal Audit Services (e.g. consulting assignments in response to ad-hoc client requests).
SKILLS REQUIRED:
- B.Sc. in Computer Sciences or Math, B. Commerce or equivalent.
- Fully designated Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
- A minimum of 3 years experience within an IT audit role or at an Analyst level within an IT role
- Strong working knowledge of (CObIT) IT Governance framework and COSO internal control framework.
- CA, MBA, CMA, CIA or industry certifications such as SANS, CCNA, MCSE, PMP are considered an asset.
- Knowledge of IT processes as described in CobIT. Knowledge of SDLC and Project Management techniques.
- Experience in any of the following areas is considered an asset:
- Platforms: desktop, mainframe, NT servers, RS6000
- Operating systems: Windows, NT, Unix/ AIX, MVS, DOS/VSE
- Business applications: ERP, web applications, Business continuity planning
- Technical Services: Internet services, security, Disaster Recovery Planning, Telecommunications and networking.
- Strong interpersonal skills to facilitate working with staff at all levels to obtain a full understanding of the assigned compliance area.
- Strong testing execution and documentation skills.
- Strong analytical skills.
Proficiency in Microsoft Office (Word, Excel, Outlook) and MS Project are required
