Senior IT Audit Analyst

The Senior IT Audit Analyst is primarily responsible for performing information technology (IT), information security (IS), operational assurance, and advisory engagements, including the assessment of risks and internal controls, development of engagement objectives and programs, drafting formal reports, and presenting results to the Audit Committee. This position requires effective communication both verbally and in writing to obtain and document reliable and relevant evidence for the engagements. The Senior IT Audit Analyst reports to the IT Audit Manager. This role is located in Tallahassee, FL and requires on-site, in-office work.

75% - Leads Assurance and Advisory Projects, Follow-up Audits, and Special Projects, according to the comprehensive internal audit plan, or as assigned

• Conducts engagements in accordance with The Global Internal Audit Standards issued by the Institute of Internal Auditors, Inc. (IIA) and other IT and IS standards
  o Defines appropriate engagement scope based on an assessment of inherent and residual risks of business unit core activities, and adequacy and effectiveness of internal controls
  o Develops engagement programs to ensure that the engagement objectives are achieved
  o Conducts interviews with client and obtains reliable and relevant evidence/documentation
  o Drafts flowchart and conducts walkthrough, and completes Internal Controls & Risk Assessment to update engagement scope, and prepares test plan
  o Determines where data analytics may be used on projects
• Conducts fieldwork
  o Performs tests of controls, substantive testing and/or research depending on the type of project
  o Interprets and evaluates internal controls, policies and procedures
  o Participates and/or conducts IT general control reviews, application reviews, and security reviews
  o Ensures that procedures and findings are documented with sufficient detail in working papers and use of data analytics
  o Communicates effectively with the client in writing and verbally during the project
  o Escalates any issues relating to the project or with meeting deadlines to the manager in a timely manner
  o Ensures all review notes are addressed in a thorough and timely manner and reviews other Analysts work when needed
  o Prepares reports that document methodology and results, and present clear and concise conclusions and recommendations to improve SBA operations
  o Coordinates and oversees engagement activities performed by the external auditors by monitoring timeliness, and the receipt of agreed deliverables
  o Demonstrates and reinforces fundamental value of quality, service, respect, integrity, and dependability in interaction with coworkers, supervisors, client; in personal contributions to work assignments and projects; and when representing SBA

10% - Assists with Annual Risk Assessment

• Participates in the annual risk assessment and in the development of a risk-based annual audit plan and conducts information technology risk assessments in accordance with the National Institute of Standards and Technology (NIST) Guide for Conducting Information Security Risk Assessments

05% - Assists with the coordination of Quarterly Audit Committee Meetings

• Coordinates logistics
• Assists with the preparation of meeting materials, including quarterly report to the Audit Committee
• Attends meeting and takes notes for the minutes of the meeting

10% - Performs other duties as assigned

• To include but not limited to: recording time on at least a weekly basis; attending SBA and The Office of Internal Audit & Inspector General (OIA&IG) meetings; conducting research over areas that are impactful to the SBA or to the audit profession and sharing knowledge with the Department; updating OIA&IG guiding documents; and completing mandatory training and other trainings as deemed necessary by OIA&IG management

Three years of related experience. A postsecondary degree may be used as an alternative for years of direct experience.

Preferences:

• A bachelor's degree from an accredited college or university in computer science, management information systems, finance, accounting, statistics, business or a related field
• Master of Business Administration or master’s degree from an accredited college or university in computer science, management information systems, finance, accounting, statistics, or a related field
• Possession of a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Investments and Derivatives Auditor (CIDA), Certified Public Accountant (CPA), or Certified Fraud Examiner (CFE) credential
• Experience in public accounting or auditing, and the financial services industry

Knowledge, Skills, and Abilities:

• Knowledge of relevant industry standards, including the IIA Standards, NIST security Standards, the Center for Internet Security’s Critical Security Controls (CIS CSC framework), and Committee of Sponsoring Organizations (COSO) framework, IT Security and Compliance standards, and related principles
• Thorough knowledge of governance, risk and control appropriate to the organization
• Strong data analytics skills
• Proficient in preparing visual analytics, dashboard using Tableau and/or other software
• Extensive Microsoft Office skills (Excel, Word, Visio, Access and Project)
• Excellent written and verbal communication and presentation skills
• Solid organizational and leadership skills
• Ability to perform at a high level in a team environment
• Ability to work independently, exercise independent judgment, and prioritize work assignments to meet deadlines
• Ability to research and summarize key points effectively
• Advanced knowledge and experience of industry related IT infrastructure, solutions, and platforms for defending against the threat landscape, including firewalls, security incident and event monitoring, vulnerability and penetration management

Hiring Range: $74,445 - $93,450

The State Board of Administration is an Equal Opportunity Employer

Successful completion of a pre-employment background check is a condition of employment with the State Board of Administration