Sr IT Auditor

PURPOSE AND SCOPE:

The IT Audit Senior (IT-AS) supports the performance of IT audits as a member of the Global Internal Audit team. The IT-AS will primarily be responsible for helping to develop, manage and execute the global information system (IS) section of the GIA annual Audit Plan. This further includes the development and maintenance of IT related audit programs and the coordination with other IT departments within global FME. In addition, the IT-AS participates in integrated IT audits supporting financial and operational audits. Furthermore this position should develop data analytic strategies and support the team in advance analysis.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

• Identifies and evaluates FME’s IT risk areas and provides key input to the development of the annual global Audit Plan;
• Plans and executes global IT audits to identify opportunities where enhancements to internal controls can be cost effectively achieved to meet business needs in the areas of IT infrastructure,  systems and applications, security, operations and processes;
• Performs audit work, risk and control assessments to evaluate risk, determine control objectives and verify the extent to which control techniques meet business objectives at FME locations around the globe;
• Performs audit procedures to obtain sufficient evidence to support audit observations;
• Review access to applications and systems for appropriateness;
• Follow-up on audit observations and initiation of the entire process until implementation evidence is obtained;
• Maintenance of certain audit programs and GIA standards;
• Provide support to the internal audit team through extraction of data from applications/ databases under audit and perform data analytics inquiries;
• Assist with maintaining the audit tool, support the selection of a new audit tool in the near future;
• Maintenance of dedicated Knowledge Clusters in the GIA Knowledge database related to IT risks;
• Participates as a knowledge resource for other GIA colleagues in matters related to IT (also for internal audit tools) and general systems and controls;
• Develops and maintains outstanding relationships with IT and business stakeholders through open and frequent communication;
• Pursues professional development opportunities, including external and internal training and professional association memberships;
• Other duties as assigned.

PHYSICAL DEMANDS AND WORKING CONDITIONS:

• The physical demands and work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • This position requires the ability to travel both domestically and international to FME locations.
  • Travel will range up to 10-15% annually

EDUCATION:

• Bachelor’s Degree required; Advanced Degree desirable

EXPERIENCE AND REQUIRED SKILLS:

• 3–5 years of work experience in IT audit or business audit/accounting; IT audit experience in healthcare preferred.
• Must have a CISA or be prepared to take the CISA exam within 1 year.
• Experience in network security and distributed system environments (firewalls, network design, Mainframe, Databases, mobile applications and JAVA based web services.
• Good SAP knowledge and experience in SAP IT audits in accordance with international standards are preferred.
• Ability to transfer IT language and knowledge into business language.
• Knowledge on IT industry standards such as ISO27001, COBIT and ITIL.
• Knowledge on global data protection and security laws.
• Ability to work independently and to plan and execute projects with a minimum supervision under given deadlines.
• Strong analytical, written communication, interpersonal, organizational skills and ability to work with senior level management in an independent manner.
• Fluent in English speaking and writing and a second European language is preferred (German, Spanish, etc.).
• Detail, deadline oriented, and ability to multi-task.