Senior Internal IT Auditor

Job Summary

We are seeking a seasoned Senior Internal IT Auditor to join the Internal Audit team and provide independent, objective assurance over the company’s IT controls, risk management, and governance processes. The successful candidate will plan and execute IT audit engagements across applications, infrastructure, cloud, identity and access management, change management, and third-party services. This role will collaborate with IT, Security, Risk, Compliance, and business stakeholders to identify control gaps, recommend practical remediation, and drive improvements that support business objectives and regulatory requirements.

Key Responsibilities

Audit Planning & Execution

• Plan, scope, and execute IT audit engagements using a risk-based approach, including development of audit programs, testing plans, and workpapers.

• Perform detailed testing of IT general controls and application controls across cloud and on-premise environments, including change management, configuration management, and backup/recovery.

• Evaluate the design and operating effectiveness of controls related to identity and access management, privileged access, segregation of duties, and authentication mechanisms.

Risk Assessment & Control Evaluation

• Conduct IT risk assessments to identify and prioritize technology risks and control gaps that could impact confidentiality, integrity, and availability of systems and data.

• Map IT risks and controls to relevant frameworks and standards (e.g., COBIT, NIST, ISO 27001, SOC 2) and provide pragmatic control recommendations.

• Assess third-party and cloud provider controls, review vendor risk management artifacts, and perform outsourced service audits where applicable.

Reporting & Remediation

• Prepare clear, well-supported audit findings, risk ratings, and actionable remediation recommendations; draft audit reports and present results to management and audit committees.

• Work with process and technology owners to develop remediation plans, track remediation progress, and validate corrective actions.

• Coordinate with external auditors and regulators as needed to support audits and attestations.

Continuous Improvement & Advisory

• Provide advisory support on IT control design and implementation to enable operational improvements while maintaining auditor independence.

• Identify opportunities to enhance audit methodologies, testing tools, and automation to increase audit efficiency and coverage.

• Mentor junior audit staff, review their workpapers and findings, and contribute to team knowledge-sharing and training.

Required Qualifications - Skills & Experience

• Bachelor’s degree in Information Technology, Computer Science, Accounting, Cybersecurity, or a related field, or equivalent practical experience.

• 5+ years of experience performing IT audits, IT risk assessments, or IT control testing in an internal audit, external audit, or IT risk role.

• Strong technical understanding of systems, networks, cloud platforms (e.g., AWS, Azure, GCP), databases, and common enterprise applications.

• Experience auditing identity and access management, change management, system development lifecycle, vulnerability management, and patching processes.

• Familiarity with audit methodologies, sampling techniques, and documentation standards; ability to produce clear, concise audit workpapers and reports.

• Excellent written and verbal communication skills with the ability to engage technical and non-technical stakeholders and influence remediation efforts.

• Demonstrated analytical mindset with experience in risk assessment, control evaluation, and executive-level reporting.

• Proficiency with audit and productivity tools (e.g., GRC platforms, data analytics tools, Office suite).

Preferred Qualifications

• Relevant certifications such as CISA, CISSP, CRISC, CISM, or Certified Internal Auditor (CIA) preferred.

• Experience supporting Sarbanes-Oxley (SOX) IT testing, SOC 2 examinations, or other regulatory audits.

• Background in cloud security, DevOps/SecOps practices, or secure software development lifecycle is a plus.

• Experience with audit automation, data analytics (ACL, IDEA, Python, SQL), or continuous auditing tools.

Work Environment & Compensation

• Full-time position with a hybrid onsite/remote model; occasional travel may be required for fieldwork, audits, or meetings with third parties.

• Competitive salary commensurate with experience and a comprehensive benefits package, including health insurance, retirement plan options, and paid time off.

• Opportunities for professional development, certification support, and career progression within Internal Audit, Risk, and Security functions.

• Inclusive, respectful work culture that values diversity, equity, and a healthy work-life balance.