Senior IT Auditor

We are currently seeking a Senior IT Auditor to join our team.

The Senior IT Auditor will be accountable for contributing to the design and execution of IT and cybersecurity assurance and consulting engagements as per the risk-based annual audit plan with the primary focus of evaluating and improving the effectiveness of First West Credit Union's IT and cyber risk management, control and governance processes. This role will contribute to Internal Audit's monitoring of First West's technology risk profile and risk-based audit assurance by staying abreast of technology industry trends and the internal IT environment. This role will collaborate directly with stakeholders across First West and provide a high level of professional service in line with the Institute of Internal Auditors' "International Standards for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, and the Code of Ethics" ("IIA Standards").

Here's what would be included as a part of your typical day

1. Audit Delivery: Leads or works as part of a team to deliver IT and cybersecurity assurance and consulting engagements. Contributes to the design and delivery of IT and cybersecurity assurance and consulting engagements using an agile, iterative, risk-based approach, or assists internal audit management in doing so. Designs and develops risk-based audit programs and related procedures for such areas to address the objectives or assists internal audit management in doing so. Completes files within time budgets and target dates, and/or reviews peer staff's files/work to ensure sufficient work was completed and evidence obtained to meet the objectives of the engagement.
2. Reporting & Communication: Investigates audit observations to identify root causes of control deficiencies. Writes concise, risk-focused reports with practical recommendations. Communicates with and engages stakeholders in a diplomatic and tactful manner, in discussions of audit observations, risks and recommendations. Ensures open communication with other members of the Internal Audit department, as well as other employees, members of management, risk, and other organizational partners, in the areas of risk management, governance, regulatory compliance, and internal policies/procedures.
3. Leadership: As a technology subject-matter expert within the Internal Audit team, contributes to and assists Internal Audit team members in the execution of all technology-related aspects of the annual audit plan and other department priorities and initiatives (e.g., learning, and professional development). Influences improvements to First West processes (to achieve intended benefits and mitigate risk) by providing real-time opinions and recommendations to management on change initiatives (e.g., system implementations, technology adoptions, etc.), without compromising independence and objectivity, on risk management, internal control, and governance processes.
4. Professional Standards: Ensures adherence to the IIA Standards and maintains a professional standard of conduct. Maintains an understanding of departmental audit quality standards, policies and procedures, industry regulations, and relevant organizational policies and procedures, and imparts that understanding to staff and incorporating it into all assurance, consulting, and value-add activities.
5. Knowledge Management: Stays current with First West's strategic priorities, governance and risk management processes, business operations, and risk environment, as well as changing regulations, and emerging risks to contribute to Internal Audit's ongoing monitoring of First West's technology risk landscape and quarterly review of the risk-based audit plan. Keeps abreast of relevant governance, risk management and/or IT and cybersecurity frameworks (e.g., COBIT, NIST, etc.), as well as leading technology, industry or professional practices and trends to identify potential technology risks for consideration in specific engagements or annual audit planning. Shares knowledge of technology industry trends with Internal Audit team members to contribute to overall departmental knowledge.

Required Skills, Experience & Qualifications

• Bachelor's Degree in Computer Science, Management Information Systems, Business Administration or equivalent required
• Master's Degree in Computer Science, Management Information Systems, Business Administration or equivalent preferred
• CISA, CISSP, CISM, CRISC, or another related IT designation preferred
• 4 years of overall experience in audit, assurance, risk or other relevant area required
• 1 year of audit experience preferred
• Prior experience using data analytics (e.g., ACL) or other CAATs preferred
• Excellent interpersonal skills, with the ability to interact effectively and build relationships with all levels of the organization
• Demonstrated written and verbal communication skills, with the ability to present information in a clear and concise manner (ability to present results visually highly desired) for audiences ranging from technical expert to senior leadership
• Strong analytical and problem-solving skills, with the ability to process information, reach appropriate conclusions, and develop practical recommendations to improve the overall effectiveness and efficiency of the organization
• Demonstrated knowledge of IT and cybersecurity risks and controls, as well as related risk management and risk-based auditing concepts, techniques, practices, standards and frameworks (e.g., COBIT, NIST, etc.), with the ability to apply the knowledge to audit practice
• Demonstrated ability to understand and/or analyze the relationship between IT and cybersecurity risk, and the underlying business risk or objective
• Solid understanding of IT infrastructure, cloud networking and security (e.g., MS Azure), and third-party risk management controls and practices
• Strong time management skills; demonstrated ability to juggle priorities and meet deadlines
• Displays an understanding of risk and risk ownership by being able to demonstrate adherence to policies and procedures.