IT Audit Manager

IT AUDIT MANAGER (CISA)

Work Schedule: Monday - Friday

The IT Audit Manager is responsible for leading multiple engagement teams, working with a wide variety of clients to deliver professional services and managing business development activities on strategic and global priority accounts specific to IT Audit engagements including IT control/SOX compliance and assessment, information security and data security.

Key Responsibilities

• Lead the planning, execution, and reporting of IT audits, ensuring alignment with professional standards (COBIT, NIST, ISO 27001).
• Oversee IT General Controls (ITGC) testing and automated application control assessments for SOX 404 compliance.
• Identify and evaluate complex IT risks related to systems, infrastructure, and data integrity.
• Review engagement workpapers for technical accuracy and ensure all findings are supported by robust evidence.
• Manage project budgets, resource allocation, and timelines to ensure successful delivery.

• Act as a trusted advisor to C-suite executives and IT leadership, providing insights on emerging technology risks and mitigation strategies.
• Facilitate closing meetings to discuss audit findings and negotiate remediation plans with stakeholders.
• Drive business development by identifying service gaps at existing accounts and leading the preparation of proposals for new clients.
• Collaborate with financial audit teams to provide integrated audit solutions.

• Supervise, coach, and mentor senior and staff-level auditors, providing consistent performance feedback.
• Facilitate internal training sessions on specialized topics such as Cloud Security, Data Privacy, and AI Governance.
• Foster an inclusive team environment and participate in the recruitment of top-tier technical talent.

• Education: Bachelor’s degree in Management Information Systems (MIS), Computer Science, Accounting, or a related field.
• Experience: 5+ years of experience in IT Audit, IT Risk Management, or Cybersecurity, preferably within a professional services or "Big 4" environment.
• Technical Knowledge: Deep understanding of ITGCs, SOC reporting, and network security protocols.
• Communication: Exceptional written and verbal communication skills for presenting complex technical risks to non-technical stakeholders.

• Certifications: Professional certification such as CISA (required), CIA, CISSP, or CPA.
• ERP/Apps: Relevant experience in application security and ERP implementation projects (e.g., SAP, Oracle).
• Cloud/Data: Experience auditing cloud environments (AWS, Azure) and using data analytics tools (ACL, Tableau, PowerBI).