Full Time, Employee
Information Systems Auditor is responsible for performing various audits and advisory work. Supports the Department’s efforts with business process audits as well as external audits. May also provide supervisory and training support for less experienced auditors and assist the Manager in coordinating special projects or advisory assignments.
- Leads, performs, documents, and reviews tests of controls required for compliance with the NAIC Annual Financial Reporting Model Regulation (AFRMR), also known as Model Audit Rule.
- Conducts and leads all aspects of the IT and Business audit process to include engagement planning, work plan coordination, risk and control identification, preparation of audit programs to fulfill the audit objectives, testing and analysis of results, and report writing.
- Responsible for obtaining an in-depth understanding of each business and/or function being audited, identification, and assessment of risks, including understanding the way such risks are controlled
- Able to review the work of other audit staff based on professional knowledge
- Understanding and work experience in support of IT General Controls audits (Logical Access, Change Control, System Backup, Job Scheduling and Problem Management), IT Security Reviews, as well as
- Exposure and understanding of Service Organization Control (SOC) attestations (1 and 2)
Knowledge & Experience:
- Knowledge of SOX-404 or the NAIC AFRMR.
- Exposure to NIST 800-53, HiTrust, Institute of Internal Auditors standards, COSO, and COBIT.
- Experience and knowledge in application planning, design, testing, and implementation procedures.
- Working knowledge of system architecture, IT general controls, and IT security operations.
- Experience and knowledge in auditing techniques and accounting and control procedures.
- Exposure/experience with Enterprise Risk Management (ERM) techniques and programs
- Preferred knowledge of industry standard tools to perform data analysis (e.g. ACL, SAS) and experience documenting workpapers utilizing CCH TeamMate Audit Management System. Expertise in applying IT audit methodologies to analyze large datasets.
- A minimum of two years work experience as an Information System Auditor, IT Security Professional, Technology Specialist, or IT Project Manager.
- A minimum of four years work experience as an Information System Auditor, IT Security Professional, Technology Specialist, or IT Project Manager.
- Public Accounting experience, Big Four experience is a plus
- Exposure to Insurance industry and claims processing systems
Education, Certification, and Licenses:
- Bachelor’s Degree with concentration in Accounting or Computer Science
- Working to obtain Certification as an Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Internal Auditor (CIA)
- Certification as an Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Internal Auditor (CIA)
For more information regarding this position, please send us your resume and an SGC representative will be in touch.