Overview:
The Director of Internal Audit Services (IAS) leads the Bank’s internal audit function, providing independent assurance on the effectiveness of internal controls, risk management, and governance. Reporting functionally to the Audit Committee Chair and administratively to the Chief Risk Officer, the Director develops and executes a risk‑based annual audit plan aligned with regulatory expectations and organizational priorities. The role oversees audit planning, fieldwork quality, staff development, and the use of co‑sourced or outsourced audit resources. The Director also manages Sarbanes‑Oxley Section 404 testing, supports state and federal examinations, and delivers clear, timely reporting to the Audit Committee and senior leadership. This position ensures a strong control environment and promotes continuous improvement across the Bank.
Position Goals:
Strengthen the Bank’s Internal Control and Risk Management Framework
- Lead a comprehensive, risk‑based internal audit program that provides independent assurance on the effectiveness of internal controls, governance, and enterprise risk management across all business lines. Ensure audit coverage reflects the complexity and regulatory expectations of a $10B community bank.
Execute a Robust Risk‑Based Annual Audit Plan
- Develop and implement an annual audit plan informed by a formal risk assessment, ensuring timely completion of audits, quality of fieldwork, adherence to professional standards, and continuous improvement in processes, tools, and methodologies.
Oversee Outsourced, Co‑Sourced, and Specialized Audit Engagements
- Manage relationships with external audit partners—particularly in specialized areas such as IT, cybersecurity, and loan review—to ensure quality, efficiency, and alignment with organizational risk priorities.
Ensure Compliance with Regulatory Requirements and SOX 404
- Oversee the Bank’s Sarbanes‑Oxley Section 404 testing activities, coordinate effectively with external auditors and regulators, and support federal and state examinations. Maintain policies, documentation, and reporting that meet the expectations for an institution of this size.
Provide Clear, Timely Reporting and Strategic Insight to the Audit Committee
- Deliver high‑quality reporting to the Audit Committee, including audit results, risk mitigation updates, management of corrective actions, and department performance. Provide advisory insight to strengthen governance and support sound decision-making.
Responsibilities:
Lead the Risk‑Based Internal Audit Program
- Develop and maintain an annual risk‑based Internal Audit Plan using a formal risk assessment and aligned with IIA Standards, FFIEC guidance, SOX 404 requirements, and the Bank’s enterprise risk profile.
- Ensure timely execution of audits across operational, financial, technology, credit, and compliance functions.
- Update Internal Audit policies and procedures to reflect industry standards and regulatory expectations.
Ensure Quality and Compliance of Audit Activities
- Oversee audit planning, fieldwork, documentation, and reporting to ensure compliance with the Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) and internal quality standards.
- Review audit workpapers, testing results, and identified issues, providing coaching and direction to ensure high‑quality deliverables.
- Implement continuous‑improvement initiatives, including the use of Computer‑Assisted Auditing Techniques (CAATs) and enhancements to testing methodologies.
- Oversee and perform periodic quality assurance and self‑assessment activities.
Manage External Audit Relationships and Specialized Audit Engagements
- Issue Requests for Proposals (RFPs) for outsourced or co‑sourced audits (e.g., IT, cybersecurity, loan review) and evaluate vendor qualifications, cost‑effectiveness, and alignment with audit scope.
- Manage contracts, schedules, deliverables, and communication with external audit service providers.
- Ensure effective integration of outsourced audit results into the overall audit plan and reporting.
Oversee Internal Control Testing and SOX 404 Compliance
- Manage and oversee internal control testing activities performed under Sarbanes‑Oxley Section 404, ensuring full coordination with external auditors and management.
- Evaluate internal control effectiveness, identify control gaps, and ensure management develops timely and sustainable corrective actions.
- Track and report on all audit findings and corrective action plans to ensure timely remediation.
Support Regulatory Examinations and Compliance Activities
- Serve as a key liaison to state and federal regulators during safety‑and‑soundness exams and other supervisory reviews.
- Provide audit documentation, respond to examiner inquiries, and support management in addressing examination findings.
- Ensure Internal Audit maintains regulatory readiness and strong working relationships with supervisory agencies.
Manage Department Operations, Budget, and Staff Development
- Oversee department staffing, performance, skill development, and succession planning.
- Provide coaching, mentoring, and leadership to ensure staff meet professional and regulatory competency expectations.
- Monitor department budget and expenditures, ensuring effective resource allocation and cost‑efficiency.
Perform Additional Audit and Assurance Activities
- Conduct year‑end alternative audit procedures for non‑responsive customers and other required checks.
- Provide advisory services as appropriate while maintaining independence and objectivity.
- Perform additional tasks as requested by executive leadership or the Audit & Risk Committee.
Key Success Factors:
Communication: Leads enterprise-level communication by setting high standards, delivering strategic messages, and fostering transparency across departments. Effectively engages diverse stakeholders, including senior executives, to build consensus, drive innovation, and promote a culture of open, respectful dialogue.
Risk Management: Provides strategic leadership in risk management by defining organizational risk tolerance, guiding the development of risk evaluation frameworks, and advising on complex risk scenarios. Analyzes organizational trends to shape short- and long-term risk strategies, while ensuring business continuity plans remain current and effective.
Influence: Establishes structures and leverages trusted relationships, alliances, and expertise to effectively position ideas and influence stakeholders. Promotes a culture where influence drives action, while remaining mindful of the inherent impact of their role on organizational outcomes.
Strategic Leadership & Execution: Shapes and drives the organization’s long-term strategy by aligning vision, mission, and values with strategic goals and business growth initiatives. Collaborates across leadership, fosters inclusive planning, anticipates future challenges, and cultivates a reflective, forward-thinking culture that values diverse perspectives and broad engagement.
Problem Solving & Decision Making: Promotes objective, forward-thinking decision-making by consistently applying the Tompkins model, seeking diverse perspectives, and considering long-term impacts. Builds a culture of trust and accountability by empowering others to make informed decisions and holding them responsible for outcomes.
Qualifications:
- Bachelor’s degree in Accounting, Finance, Business Administration, or a related field required.
- Advanced certification strongly preferred (CIA, CPA, CISA, or similar), reflecting industry expectations for audit leaders in financial services.
- Master’s degree in Business, Accounting, Finance, or related field preferred.
- Minimum of eight (8) years of progressive internal audit or financial services audit experience, with substantial exposure to banking operations, risk management, compliance, and regulatory expectations.
- At least three (3) years of direct management or leadership experience within an internal audit function, ideally within the banking or financial services industry.
- Demonstrated experience developing and executing risk‑based audit plans in accordance with IIA Standards and FFIEC guidance.
- Experience coordinating or overseeing outsourced/co‑sourced audit engagements (e.g., IT audit, cybersecurity, loan review).
- Strong experience supporting state and federal regulatory examinations and working directly with regulators, including OCC, FDIC, FRB, or state banking agencies.
- Proven experience managing SOX 404 testing, internal control evaluations, and audit-quality requirements.
- Advanced knowledge of internal auditing standards, including the IIA International Professional Practices Framework (IPPF).
- Strong understanding of banking operations, risk management frameworks (e.g., COSO), and key regulatory requirements applicable to financial institutions.
- Knowledge of Sarbanes‑Oxley (SOX 404), model risk management expectations, information security controls, and financial reporting requirements.
- Experience with audit technologies, analytics, and Computer-Assisted Auditing Techniques (CAATs).
- Strong leadership, coaching, and team‑development skills, with an ability to influence and collaborate across all levels of the organization.
- Exceptional written and verbal communication skills, including experience presenting to Board or Board‑level committees.
- Ability to manage multiple priorities, lead complex initiatives, and make sound, data‑informed decisions.
- High degree of professional judgment, integrity, and independence.
- Ability to work in a fast‑paced, highly regulated environment with evolving expectations.
- Commitment to continuous improvement, innovation, and best practices within the internal audit function.
Benefits:
- Medical
- Dental
- Vision
- 401(k) Match
- Profit Sharing
- Paid Time Off
- 11 Holidays
- Tuition Reimbursement
- Free Parking throughout Tompkins Community Bank
- Employee Referrals
EEO Statement:
Tompkins is committed to a policy of Equal Employment Opportunity ("EEO") with respect to all team members and applicants for employment and a work environment free from discrimination (including unlawful harassment) based on race, color, religion, sex, sexual orientation, transgender status, gender non-conformity, gender identity, gender expression, national origin, age, marital status, domestic violence victim status, disability, predisposing genetic characteristics, military or veteran status or status in any group protected by federal, state, or local law.
Pay Range: USD $180,000.00 - USD $210,000.00 /Yr. Bonus/Incentive Plan: This position includes participation in a performance-based cash incentive plan. May also be eligible for Equity Grants.