Sr. Internal Auditor I

Job Title:

Job Description

Job Summary :

We are seeking a highly skilled and experienced Senior IT Auditor with a strong background in SOX audits, SOC 1 and SOC 2 reviews, IT General Controls (ITGC), IPE/ITRT, IT application control reviews, and Cybersecurity audits.

This role requires proficiency in evaluating controls for payroll/financial applications and conducting Vulnerability Assessments and Penetration Testing (VAPT). The candidate will collaborate with cross-functional teams to identify risks, recommend improvements, and ensure compliance with regulatory standards.

This role requires a detail-oriented professional with excellent analytical skills, a deep understanding of regulatory compliance, and the ability to lead complex audit engagements.

Key Responsibilities:

SOX Compliance &SOC 1 , SOC2 Reviews

• Lead and review SOX 404 audits, Walkthroughs/ Test of Design (TOD), Test of Effectiveness (TOE), interim testing and Roll forward testing (RFT) activities for ITGC, IT report Controls (IPE) and ITAC controls.
• Testing/Review will include IT General Controls, including logical access, security reviews, change management, and IT operations, IT application controls, IT report controls, and user access reviews.
• Conduct SOC 1 (SSAE 18) and SOC 2 Type I and Type II audits for clients across various financial applications across the globe. Detailed review and mapping of of tested SOC1 reports that were provided by the application owners.
• Process Gap assessment and the mitigation of identified gaps and controls embedment and improving the Risk control matrix and conducted the audit accordance of RCM.
• Evaluate the design and operating effectiveness of controls related to security, availability, processing integrity, confidentiality, and privacy.
• Prepare the audit report, documenting the audit evidences and provide recommendations to address the issued identified during audits.
• Detailed review of policies, standards, procedures and guidelines on periodic basis as per the business requirements.

Cybersecurity Audits

• Conduct cybersecurity audits to evaluate the effectiveness of security controls and identify vulnerabilities.
• Perform Vulnerability Assessment and Penetration Testing (VAPT) on critical systems, including payroll and financial applications.
• Provide recommendations to enhance the organization’s cybersecurity posture.

Stakeholder Collaboration

• Partner with IT, Legal and Finance teams to align audit findings with business objectives.
• Present results to senior leadership and external auditors.

Team Leadership

• Supervise and mentor junior team members, providing guidance on audit methodologies and best practices.
• Coordinate with cross-functional teams to ensure seamless execution of audit engagements.

Regulatory Compliance

• Stay updated on emerging regulatory requirements and industry trends related to IT audits, cybersecurity, and data privacy.
• Ensure audit processes align with relevant standards and frameworks (e.g., COSO, COBIT, NIST, ISO 27001).

Qualifications:

Education: Bachelor’s degree in Computers/IT. Advanced degrees or certifications (e.g., CISA, CISSP, CPA, CIA) are highly preferred.

Experience: Minimum of 7 years of experience in IT auditing, with a focus on SOX, SOC 1, SOC 2, ITGC, and cybersecurity audits. Experience in Big 4 audit firms is a strong advantage.

Familiarity with cloud environments (AWS, AZURE)

Technical Skills

• Proficient in testing ITGC controls across platforms (application, OS and Databases) for following areas:

#Change Management
#User Access Management
#Backup & Recovery Management
#Batch Job Management
#Problem and Incident management

• Hands-on experience with cybersecurity audits, vulnerability assessments and penetration testing.
• Proficiency in IT audit tools and other software (e.g., AuditBoard, ServiceNow, MS Office, MS Excel)
• Strong understanding of payroll and financial applications and other ERP systems (e.g., Workday, SAP, Oracle).
• Knowledge of VAPT tools and methodologies (e.g., Nessus, Metasploit, Burp Suite).

Soft Skills

• Excellent communication, interpersonal skills along with Project Management abilities.
• Strong analytical and problem-solving abilities.
• Ability to manage multiple engagements and meet tight deadlines.
• Ability to mentor junior team members.

Preferred Certifications:

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)

Location:

Language Requirements:

Time Type:

If you are a California resident, by submitting your information, you acknowledge that you have read and have access to the Job Applicant Privacy Notice for California Residents