Job Summary

The Manager of IT Audit and Internal Controls oversees the evaluation and improvement of the organization’s IT controls, ensuring compliance with regulatory requirements, mitigating risks, and strengthening governance. This role combines expertise in IT auditing and internal controls to safeguard the organization’s IT infrastructure, data integrity, and business processes.

Key Responsibilities

1. IT Audit Management

• Develop and execute comprehensive IT audit plans based on risk assessments and organizational priorities.
• Perform audits on IT systems, applications, databases, cloud environments, and network security to evaluate risks and control effectiveness.
• Assess IT infrastructure and application controls, including cybersecurity measures, system development, and change management processes.
• Ensure audits align with professional standards (e.g., IIA, ISACA, COBIT) and industry best practices.

2. Internal Controls

• Evaluate the design and operating effectiveness of IT and operational controls.
• Develop and implement frameworks for internal control assessments, aligning with regulatory requirements such as SOX, GDPR, PCI-DSS, or HIPAA.
• Collaborate with process owners to document workflows, identify control gaps, and implement corrective actions.
• Perform periodic reviews of control activities, including user access reviews, segregation of duties, and data privacy practices.

3. Risk Assessment and Mitigation

• Lead IT risk assessments to identify vulnerabilities, evaluate impacts, and propose remediation strategies.
• Monitor emerging IT risks, such as ransomware, data breaches, and third-party risks, and recommend mitigation techniques.
• Work closely with IT and business units to ensure risk management policies are adhered to and updated.

4. Leadership and Team Development

• Manage and mentor a team of IT auditors and control specialists.
• Provide guidance on technical audits, internal control assessments, and career development.
• Coordinate audit projects, ensuring timely delivery of high-quality work.

5. Stakeholder Communication

• Prepare and present detailed reports on IT audit findings, internal control assessments, and recommendations to senior leadership and the audit committee.
• Act as a liaison between internal audit, IT, external auditors, and regulatory agencies.
• Facilitate cross-departmental collaboration to enhance IT control environments.

6. Continuous Improvement

• Promote the adoption of innovative technologies and tools for audit and control monitoring (e.g., automated controls, data analytics, and AI).
• Develop training programs to educate staff on IT risks, internal controls, and regulatory compliance.
• Regularly evaluate and update audit methodologies and internal control frameworks to ensure relevance.

Qualifications

• Bachelor's degree in Information Technology, Accounting, Finance, Computer Science, or a related field.
• Certified Information Systems Auditor (CISA) (preferred) OR Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM)
• 8+ years of experience in IT audit, internal controls, or risk management, with at least 2 years in a leadership role.
• Strong knowledge of IT frameworks, systems, and regulatory requirements (e.g., NIST, ISO 27001, COSO, COBIT).

Skills

• Exceptional analytical, problem-solving, and organizational skills.
• Proficient in IT audit and governance tools (e.g., ACL, IDEA, Archer, Power BI).
• Strong written and verbal communication skills, including the ability to present to executive management.
• Knowledge of emerging technologies and their associated risks, such as AI, IoT, and blockchain.
• Strategic risk management and decision-making.
• Leadership and team-building capabilities.
• High ethical standards and a commitment to continuous improvement.
• Ability to manage multiple priorities and deadlines effectively.