The Technology Audit Senior Analyst is responsible for evaluating risks (technology, financial, reputational, and regulatory), testing controls designed to mitigate risk, communicating issues and findings to management, devising solutions for business improvements, and following-up on corrective actions. The Technology Audit Senior Analyst will need to work effectively in a team setting and is expected to:
- Plan and execute multiple concurrent IT audits, including reviews of cyber security, existing production applications, systems currently being developed, technology infrastructure and specialized or emerging technologies.
- Identify and assess complex risks (both business and technological) and to provide advice to management regarding mitigation of these risks.
- Assess the controls over application processes, physical and logical security; systems acquisition and development; system and network infrastructure; system architecture; change management; computer operations; and production support.
- Identify and address systemic control and efficiency issues. Develop data analysis and apply leading edge and other automated tools to provide management with proper context of potential exposure and loss of business due to control weaknesses.
- Develop an ongoing “trusted advisor” relationship with audit clients and Internal Audit business unit colleagues to ensure timely and consistent controls advice.
- Solid understanding of technology best practices for application systems development and infrastructure support (operating systems, network and computer operations, production support, and information security).
- Experience with highly complex and integrated processing environments.
- Proven analytical skills.
- Knowledge and experience with internal controls, risk assessment strategies, audit techniques, data mining, and project management.
- Some understanding of the laws and regulations associated with SEC, FINRA, DoL, and ERISA regulated entities and the use of technology controls to meet these requirements.
- Understanding of the risks associated with current and emerging technologies and the standards and controls being developed to mitigate those risks.
- Strong team player willing to collaborate with highly skilled people on multiple levels.
- Strong oral and written communication skills.
- Ability to work on multiple tasks and manage team priorities and workload.
- Team player who takes initiative and works constructively with other senior leaders to achieve goals.
- Hands-on work style and “can do” attitude with a strong desire to make things happen.
Education and Experience
- BA/BS in Technology, Finance, Accounting or related field of study.
- Professional audit or information security certifications preferred (CIA, CPA, CISA, CISSP, SANS GIAC, etc.).
- Typically two to five years of experience in technology audit, information security, systems engineering, or related fields.
Skills and Knowledge
- Demonstrated technical abilities across a wide range of topics including:
- operating systems (z/OS, UNIX, Linux, Windows)
- networking (firewalls, TCP/IP, Active Directory)
- cyber security operations (penetration testing, incident response, virus/malware analysis, secure code analysis)
- messaging and directory systems (Exchange, Sendmail, LDAP)
- database management systems (Oracle, DB2)
- web application (.Net, XML)
- software tools (Java, VB, ASP)
- Some knowledge of financial services and/or relevant technologies supporting regulatory, brokerage, transfer agency, financial statements.
Contact A Stan Hamlet Associate: 212-685-4884