Summary of the position

The IT Senior Auditor, under the supervision of a Lead Auditor, performs preliminary assessments of the audited activity and its internal control framework. She/he performs independent testing and analysis on specific controls primarily in Information Technology, CyberSecurity, and Data Governance in order to meet the audit objectives. He/she also contributes to drafting the debriefing presentation and the final audit report sent to Management.

Key Responsibilities:

The IT Senior Auditor may either work independently or supervise one or several junior auditors.

I – Conduct of assignment

When working independently, the Senior Auditor is responsible for carrying out audit work autonomously as per the audit planning within the defined timeframes in accordance with Inspection Générale (“IGE”, the Internal Audit department of the Bank) methodology and procedures and Internal Audit standards. This includes:
- independently carry out audit planning and fieldwork, including:
- A preliminary assessment of the audited activity highlighting the related risks and controls;
- Interviews, testing and analysis of the results of the controls planned in the audit program;
- Assess processes and controls within core IT infrastructure, IT operations, business continuity planning, and IT disaster recovery, business applications, CyberSecurity, Outsourcing processes, data governance and management. These are assessed against the Control Objectives for Information and Related Technology (“COBIT”) framework, local and global policies of the Bank;
- Clearly and completely document in test sheets the controls performed and the conclusions reached;
- Identify and report on strengths and weaknesses of the audited areas, analyze the root causes and risk impact of the identified weaknesses, draft recommendations to address the audit findings and conclude on the effectiveness of the control set-up and business practices;
- Maintain open communication with auditees throughout the audit, including issue vetting with control owners;
- Suggest approaches (including innovative ones) in order to build the Audit Program for each audit assignment
- Present audit conclusions to IGE management and to management of the audited unit (debriefing presentation, final audit report, etc.);
- Keep the Lead Auditor in charge of the assignment/ Local Head of Audit informed of the progress on the audit work assigned, and escalate any issues that may impact or delay the audit execution, or raise any other relevant information on the assigned audit and the risk and control environment;
- Follow up with Management on remediation status to address audit recommendations, and conduct validation of  corrective actions completed;
- Adhere to the audit work paper management practices to ensure complete archiving of all supporting documentation, audit evidence and deliverables in the designated IGE tools;

II – Team management

On some engagements, the IT Senior Auditor may be asked to assist junior team members or external resources by providing:

- Guidance on audit techniques and expected deliverables

- Feedback on testing, documentation, and conclusions of test results and findings

- Assistance in developing collaborative and productive relationships within the team  throughout the International Network and with auditees

III – IGE Continuous improvement Program / Transversal topics

The IT Senior Auditor contributes to the continuous improvement of IGE methodologies and processes. In addition to the audit responsibilities, she/he may be requested to:

- Provide input to update audit guides or training materials related to specific activities based on existing knowledge, documentation, interviews, etc.

- Build and share knowledge (e.g. through contributing to SynerGIA, delivering training or taking part in various Methods and Support workstreams or assignments)

- Participate in one or several knowledge communities within IGE

At a minimum, the IT Senior Auditor must also complete within the defined timelines all annual required training on banking and regulatory matters to maintain a sufficient knowledge of the audited area for which she/he is responsible. 

Salary Range: $120k - 135k

Required:

Bachelor or Masters’ degree in Information Technology, business, finance, math, engineering or related field

Preferred:

Industry recognized certification (CISA, CISSP, CISM, ACAMS, CPA, CIA)

Required: 

3-5 year experience in audit (internal / external) or banking organization or IT

Preferred:

Previous experience in a bank

·      Auditing techniques

·      Understanding of the risks generated by banking / securities activities

·      Specific skills/knowledge on IT and IT risks

·      Ability to perform basis coding in Python, Java, Javascript.

·      Ability to perform data analytics using spreadsheets, databases, Python, PowerBI

Familiarity with commonly used tools such as ServiceNow, vulnerability scanners and penetration testing tools etc

·      Any specific skills knowledge in using core IT systems of the Bank (understanding of the data production, analysis of the results)

·      COBIT and CMMI Framework

Knowledge of applicable regulations to the Bank (DFS 500, FFIEC Handbooks, etc.)

·      Proficiency in Word, Excel and Powerpoint

·      Analytical skills

·      Verbal and written communication skills

·      Ability to deliver under time pressure

·      Accuracy

·      Organization

·      Autonomy

·      Team spirit

·      Fluent in English

·      Accountability and ownership

·      Relationship management

·      Ability to work in multi-disciplinary and multicultural teams

Basic French