Apply on Employer Site

Colorado PERA · 2 days ago

Senior IT Audit Manager

Denver, CO

Full-time

Hybrid

Senior Level, Lead/Staff

$155K/yr - $185K/yr

10+ years exp

Colorado PERA is seeking a Senior Information Technology Audit Manager to conduct audits of complex information systems and application development activities. The role involves managing IT audit projects, conducting risk assessments, and developing strategic audit plans while maintaining a strong internal client focus.

Asset ManagementFinancial ServicesRetirement

Comp. & Benefits

Responsibilities

Completes risk assessments and develops annual IT audit plans for review by the Chief Audit Executive

Manages projects and reviews of the IT, Information Security, Product Development, and Application Development areas at PERA to determine and evaluate the efficiency and effectiveness of the internal control environment

Evaluates relevant data, business processes, and procedures, compares that information to best practice or industry accepted standards, and identifies value-added audit recommendations to improve internal controls and/or the efficiency of business processes

Ensures that audit objectives are achieved within assigned project timelines and scope, and workpaper documentation conforms to the Institute of Internal Auditors (IIA) for global internal audit standards

Communicates audit issues, observations, and recommendations to PERA leadership and external vendors to meet organizational needs

Follow up on audit recommendations from internal audit reporting through completion

Seeks, evaluates, and appropriately adapts audit tools and leading audit practices to improve Internal Audits risk-based methodology and processes

Manages outsourced/co-sourced audits executed by vendors including monitoring contract compliance and service providers' performance

Collaborates with other internal auditors, external auditors, and compliance professionals to ensure adequate audit coverage, efficient and effective outcomes

Provides advisory services to IT, Information Security, and Application Development as needed

Prepares Board of Trustees Audit Committee meeting materials related to areas of responsibility and communicates audit recommendations via written reports and occasional oral presentations to the Committee

Proactively identifies, evaluates, and communicates risks and internal control issues to appropriate parties

Actively participates in training and educational opportunities for ongoing professional development and stays current on relevant industry topics, best practices, and evolving audit techniques to maintain professional certifications

May provide direct supervision and professional development support for direct report(s), including oversight of a Senior IT Auditor

Performs other duties as assigned

Qualification

CISACISSPCISMIT AuditCOSOCOBITIT risk managementCloud auditingCybersecurity auditsTeammateACL audit softwareProject managementTeam playerEffective communicationRelationship building

Required

Bachelor's degree in computer information systems or management information systems is preferred

Must possess and maintain an active certification in one of the following: CISA, CISSP, CISM, CIA, or other relevant certifications

Progressive experience spanning over 10 years in the areas of IT Audit, corporate IT Audit, or technology risk consulting preferred

Strong working knowledge of commonly used internal control frameworks, including COSO and COBIT, and knowledge of audit methodologies and developing key internal audit deliverables

Strong background in IT risk and control design

Strong working knowledge of IT general controls, IT application controls, and key report testing

Proficient in documenting business process flows and flowcharting

Experience in auditing cloud and infrastructure modernization and major system migration

Experience with distributed, modern architectures for risk, security, stability and misconfiguration

Ability to audit application development practices for effective controls, risk management, and compliance

Experience in cybersecurity audits and partnering with Information Security teams

Strong written and verbal communication and comprehension both formally and informally at all levels of management and across divisions, in a variety of formats and settings, including in interviews, meetings, calls, e-mails, reports, process narratives, presentations, etc

Demonstrated working knowledge of internal auditing best practices and procedures

Strong project management skills and the ability to work with limited to no supervision

Team player and effective at maintaining positive relationships with team members and key stakeholders. Demonstrated ability to influence others and to build consensus

Experience managing and developing other internal auditors