Responsibilities:

• Support or co-facilitate IT, operational, financial, and compliance risk assessments across the organization.
• Recommend improvements to strengthen the overall control environment.
• Partner with management to enhance IT internal controls and develop corrective action plans.
• Develop and deliver workforce training related to IT processes and internal controls.
• Advise on IT projects and initiatives, ensuring risks are identified, assessed, and properly mitigated.
• Lead and execute IT audits of systems, infrastructure, and processes, referencing best-practice frameworks (COBIT, NIST, ITIL, etc.).
• Conduct third-party vendor and cloud security assessments to ensure compliance with contractual, regulatory, and security requirements.
• Maintain risk management methodologies, templates, tools, internal sites, and reporting for GRC initiatives.
• Develop and adhere to GRC standards, policies, and procedures to strengthen internal controls.

Requirements:

• Bachelor’s degree in a technology or audit-related field.
• Minimum 5 years of experience in IT auditing, IT security, or IT risk management.
• At least 5 years’ experience leading and managing complex IT audit or advisory engagements.
• Minimum 2 years conducting cloud platform audits (e.g., AWS).
• Experience performing risk-based operational and/or technical audits.
• Required certification: CISA, CISSP, or CISM.
• Strong written and verbal communication skills; excellent presentation and interviewing abilities.
• Strong analytical, consulting, and project management skills.
• Ability to manage multiple projects with minimal supervision.
• Technical knowledge across IT infrastructure, cybersecurity risks, operating systems, databases, networking, and cloud technologies.