Job Summary
The Senior IT Auditor performs a preliminary assessment of the audited activity and its internal control framework. He/she performs independent testing and analysis on specific controls in order to meet the audit's objectives. He/she also contributes to drafting the debriefing presentation and the final report sent to Management.
Depending on the assignment, Senior IT Auditors may have to directly supervise one or several Auditors and may act as deputy to the Lead Auditor.
Key Responsibilities
The Senior IT Auditor may either work independently or supervise one or several auditors within a dedicated assignment.
I – Conduct of assignment
When working independently, the Senior IT Auditor is responsible for carrying out audit work autonomously as per the audit planning within the defined timeframes in accordance with IGE methodology and procedures and Internal Audit standards. This includes:
- To independently carry out audit planning and fieldwork, including:
- A preliminary assessment of the audited activity highlighting the related risks and controls
- Interviews, testing and analysis of the results of the controls planned in the audit program
- Assessing controls for compliance with regulations
- Assessing processes and controls within core IT infrastructure, IT operations, cybersecurity, business continuity planning and IT disaster recovery, business applications, data governance and management.
- Assessing control design, effectiveness and sustainability
- To document clearly and precisely in test sheets the controls performed and the conclusions reached
- To communicate succinctly and precisely in verbal and written communications
- To identify and report on strengths and weaknesses of the audited areas, to analyse the root causes and consequences of the identified weaknesses, to formalise possible remediation and recommendations to address the findings and to conclude on the effectiveness and efficiency of the control set-up and business practices
- To present audit conclusions to IGE management and to the management of the audited unit (debriefing presentation, final audit report, etc.)
- To keep his/her management informed of the progress on the audit work assigned, and to escalate any issue that may impact or delay the audit's execution or to raise any other relevant information on the assigned audit and the risk and control environment
- To proactively conduct recommendations follow-ups to monitor whether adequate corrective actions have been taken prior to closing any recommendations
- To ensure proper archiving of any supporting documentation, audit evidence and deliverables.
- To demonstrate accountability and ownership for the work assigned
II – Team management
- Training the Auditors on the audit
- Reviewing the work performed by the auditor to ensure that the test results and the findings are adequately documented and the recommendations are relevant
- Providing regular feedback to the Auditor and contributing to the definition of objectives and to the end of assignment assessment related to the team allocated during assignment
- Ensuring collaborative and productive relationships within the team and good coordination throughout the International Network and with auditees
III – IGE Continuous Improvement Program / Transversal topics
The Senior IT Auditor contributes to the continuous improvement of IGE methodologies and processes. As part of her/his responsibilities, she/he:
- Prepares or updates audit guides, scorecards or training materials related to specific activities based on existing knowledge, documentation, interviews, etc.
- Monitors the implementation of recommendations issued
- Builds and shares knowledge (e.g. through contributing to SynerGIA, delivering training or taking part in various Methods and Support workstreams or assignments)
Role-specific Requirements
This role may require business travels in any relevant locations to conduct the assigned audits, for periods up to several consecutive weeks (from 1 week to two months).
Auditors must comply with the CACIB Audit Charter, in particular the five fundamental ethical principles (integrity, objectivity, confidentiality, expertise, and transparency) and all other locally applicable regulations.
Role Requirements
- Bachelor or Masters degree in IT, accounting, business, finance, engineering or related field
- Industry recognized certification (CISA, CIA, CISSP, ACAMS) is preferred, but not necessary
- 2-5 years experience minimally in audit (internal / external), banking organization (preferred) or IT
- Proficiency in Word, Excel and Powerpoint
- Strong analytical skills
- Verbal and written communication skills
- Ability to deliver under time pressure
- Ability to work in multi-disciplinary and multicultural teams
- Understanding of the risks generated by banking / securities activities
- Specific skills/knowledge on IT and IT risks
- Any specific skills knowledge in using core IT systems of the Bank (understanding of the data production, analysis of the results) is preferred
- Ability to perform data analytics using spreadsheets, databases, Python, PowerBI is preferred
