IT Audit Manager
IT Audit Manager (State Street Bank and Trust Company; Boston, MA): The IT Audit Manager is responsible for providing advisory services to management through application pre-implementation reviews that identify IT-related risks in new business applications while they are being developed or undergoing major changes or sourced from external vendors. The IT Audit Manager will manage assessment procedures and testing for integrated audits utilizing a risk-based audit approach. The application controls subject to testing will be determined during the risk and controls assessment phase of the audit and will include specialized auditing techniques and knowledge of corporate policies, procedures, standards and guidelines, industry best practices (e.g. COSO, COBIT, NIST, ITIL, ISO 27001, FFIEC IT Handbook etc.), data analytics, logical access controls and security of application, database, servers, shared network drives holding sensitive information, reviewing application parameters, edit checks, mappings and scripts, completeness and accuracy of input, processing, output, exception reporting related to data interfaces. Additionally, the IT Audit Manager also performs horizontal reviews of IT control environment by assessing and testing the General IT Controls. Specific duties of the position include: Working with business auditors to understand risks and related controls in the Enterprise Risk Management, Treasury, Finance, Global Markets and Technology areas including automated controls such as input, processing and output controls embedded within business applications, utilizing efficient and effective assessment methodologies including data analytics and scenario testing; performing assigned work on multiple audits or special projects, and consulting as a subject matter expert, using the Divisions audit methodology to evaluate risk, determine control objectives, and verify the extent to which control techniques meet objectives; providing consultation to Corporate Audit Division staff on Information Technology, Regulatory and Risk technology, application security assessment and data analytics matters; executing technical portions of reviews and training the audit staff in technical skills; identifying and assessing the risks and associated mitigating controls with an aim to improve the control environment; devising effective, risk-based and efficient approaches to testing key application controls such as electronic authorizations, application parameters, settings or scripts, as well as application access to sensitive application transactions and data interfaces; obtaining and analyzing evidentiary data as a basis for drafting an informed, objective opinion on the adequacy and effectiveness of controls of the activities being reviewed; executing and documenting audit work in accordance with Division and industry standards and concluding on the audit test results and overall effectiveness of controls; escalating audit issues to senior management and interacting with audit director and department heads. Domestic travel required 10-15% of the time. Telecommuting permitted pursuant to company policy.
Minimum requirements are: Master’s degree in Computer Science, Information Security, Information Systems, or a related field, or its equivalent; plus 3 years of IT Audit experience. Alternatively, the employer will accept a Bachelor's degree in Computer Science, Information Security, Information Systems, or a related field, or its equivalent; plus 5 years of IT Audit experience.
Must have: Demonstrated experience performing full project management audits; knowledge of auditing application systems governance; knowledge of systems access and security, systems development lifecycle and change management; knowledge of industry best practices including COSO, COBIT, NIST, ITIL, ISO 27001, or other relevant IT regulatory requirements; experience testing key application controls including electronic authorizations, application parameters, settings or scripts, and access to sensitive application transactions and data interfaces; knowledge of data analytics tools such as ACL and SQL scripts; proven knowledge of auditing Windows, Unix, Mainframe, Oracle and Cloud (AWS, Azure) security, ETL tools and Autosys; ability to independently extract and use reports from application and tools such as AD Tool, SailPoint, ServiceNow, ISRMP, Vena, Archer, or Discovery M7.
To be considered for this position, must apply online at careers.statestreet.com. State Street Job ID: R-740353. An EOE.
Salary Range:$135,400 - $190,000 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.