• Auditing:
o Perform SOX IT testing for the Company’s operating units.
o Formulate recommendations to improve internal control processes, work programs and other SOX compliance efforts, as appropriate.
o Follow up on outstanding action points within an agreed timetable and ensure that all issues are closed in a timely fashion.
o Scope of audits may include any of the following:
IT general controls – testing of change management, security administration, computer operations, physical security, and other relevant IT general controls
Information Security – execution of audits to ensure compliance with Information Security standards
Financial Audit Assistance – support financial and operational internal auditors by extracting and analyzing data from financial systems using software tools such as IDEA.
• Business Unit Assistance:
o Provide advisory services to business units on the design of application controls and security-related controls for system implementations, with a view to building in internal controls that are commensurate with the size and complexity of the operations.
o Work on special technology-related projects for business units, as requested.
• Communication:
o Participation in internal planning meetings and regular communications within the Internal Audit Department.
o Regular contact with the VP and SVP of Internal Audit and communication of plans and activities.
o Regular contact with business unit IT management and maintenance of knowledge of business unit plans and strategies.
• BA/BS degree in Management Information Systems, Computer Science, or related field
• 3+ years of working experience in Information Security, IT audit and/or IT SOX Compliance
• Solid operational understanding of Identity and Access Management technologies and methodologies across multilayer and multi-technology networks, systems, applications and databases
• Operational knowledge of infrastructure technologies and diverse operating systems (e.g., virtualization, z/OS, z/VSE, UNIX/Linux and Windows platforms), network security devices (e.g., firewalls, intrusion detection and prevention systems, proxies, network taps), and relational databases (e.g., Oracle, Microsoft SQL, AS400, DB2, IBM Mainframe)
• Understanding of Information Security industry auditing tools (e.g., CIS Benchmarking Tool, Rapid7, Symantec Control Compliance Suite (CCS))
• Solid understanding of Backup and Recovery best practices and methodologies as well as the industry technologies utilized (e.g., NetBackup)
• Conceptual understanding of PCI, ISO/IEC 27000 series, ITIL and COBIT standards, European data protection, IT infrastructure and processes, IT governance, project management, principles of internal controls
• Ability to independently evaluate controls over security processes, infrastructure, network, applications and databases according to established timetables and requirements
• Security and Audit certifications (e.g., CIPP, CISSP, CISM, or CISA) are desirable