IT Applications Audit Associate

Role Description

SMBC is seeking an experienced IT Application Audit professional with a minimum of 3 years’ experience in the banking and finance/technology industry to conduct audit coverage for the firms IT applications. Coverage including  both integrated business audits as well as stand-alone application audits. Opportunities also available to support Infrastructure and cybersecurity audits across the firm as part of the Internal Audit Department. Reporting to IT Applications Team Head, the Audit professional will be responsible for (i) conducting regular IT application audits, ensuring work is performed in accordance with IIA standards and Internal Audit Department (IAD) policies and procedures, and (ii) supporting the IT Application Team Head in the execution of their duties. In addition, they will (i) support IAD Management team in helping to identify areas of coverage for planning, development, implementation, and maintenance of an internal audit program covering technology related areas across the Americas Division and (ii) conduct regular continuous monitoring activities covering IT application and technology related risks and related processes and controls within a prescribed timeframe

Role Responsibilities:

•    Conduct regular audits of IT application related areas assessing adherence to firm and regulatory requirements and assessing design, operating effectiveness and sustainability of associated controls. 
•    Create audit issues and reports that clearly articulate results and conclusions for review with senior audit management and auditees. 
•    Challenge the ongoing coverage of IT application work and present ideas for improvement.
•    Facilitate risk issue tracking to promote timely remediation.
•    Perform issue assurance work for audit, regulatory, and self-identified to confirm closure or recommend additional actions.
•    Work collaboratively with colleagues and auditees to identify risk concerns and agree reasonable solutions. 
•    Forge strong partnerships with colleagues in other IT application and control functions including legal, compliance, data security and risk management to promote front-to-back collaboration across risk assessment and findings remediation. 
•    Partner with audit colleagues in other business verticals and/or geographies to share best practices and drive greater consistency. Seek out opportunities to engage with stakeholders outside of formal audit periods to drive deeper relationships.
•    Conduct regular Continuous Monitoring activities and auditable entity updates. 

Qualifications and Skills

•    Minimum of 3 years of IT Application/Infrastructure/Cybersecurity audit experience in the banking and/or technology industry. 
•    Knowledge of IT application related risks and controls (i.e. General Controls, Interface Controls, Data Management and Security, etc…)  
•    Knowledge of industry relevant standards (i.e. NIST, CRI, etc...) and related regulatory expectations (i.e. NYS DFS 500, FFIEC, etc…) 
•    Knowledge of audit techniques, risk and internal controls assessment, and workpaper standards. 
•    Strong strategic thinking skills including the ability to identify and assess technology related risks. 
•    Ability to act as trusted advisor to IT application management using discretion and sound judgment in identifying, analyzing, and reporting problems. 
•    Excellent communication (both verbal and written), presentation and professional skills including the ability to interact effectively at all levels within the organization. 
•    Bachelor’s Degree in Information Technology, Finance, or related field. Advanced degree a plus.
 

Additional Requirements