SMBC is seeking an IT Internal Auditor with 5-7 years experience to work within the Internal Audit Department.
In this position, the individual will evaluate current policies and processes in order to provide reasonable assurance to Management as to the adequacy of the technical control environment within the Americas Division.
Scope of Position:
Number of direct reports: This position will not have any direct reports.
Number of indirect reports: When acting as the Auditor in Charge, the individual will be assigned an audit team (2-6 individuals from both the North America and EMEA IT Audit teams) depending on the size and complexity of the audit.
Up to 10% domestic/international travel.
- Subsidiaries and related entities located in Brazil, Canada, Chicago and Los Angeles.
This position will require the individual to plan and perform internal audits over all technology areas within SMBC's Americas Division, with a strong focus on infrastructure entities, as well as applications and integrated audits with the business auditors.
85% Audit Planning, Execution and Implementation:
- Examine and evaluate internal controls in key technology risk areas to ensure compliance with internal policies and applicable rules, laws and regulations.
- Develop audit programs and perform audit fieldwork, including system documentation, evaluations, interviews and technical analysis.
- Propose or evaluate appropriate corrective measures designed to strengthen internal controls, operational and technical policies and procedures, and other weaknesses identified during audits.
- Prepare clear and concise audit workpapers and audit reports summarizing scope, methodology, and significant conclusions of audit procedures performed within prescribed time frames
- Conduct audit planning and closing meetings with Internal Audit and relevant Department Management
- Clearly communicate the results of the audits to both audit and client management
- Work as a team member, as well as independently, to produce strong audit results and maintain professional independence and sound judgment in executing all audits and other assignments.
15% Project Monitoring and reporting to Internal Audit Management
Key competencies are the necessary knowledge, skills, attitudes and values.
- Each competency should be assigned a percentage weight of importance
- Total weight of competencies should add up to 100%
25% Ability to understand, interpret, and apply general and specific administrative departmental policies and procedures as well as applicable federal and state laws and regulations
25% Overall understanding of audit techniques, internal controls and audit principles. Ability to manage and execute audit from planning to audit closing.
15% Good understanding and experience in auditing technical areas including desktop operating systems, client/server operating systems, networking, database management systems, virtualization, storage, Information Security, IT Governance, and systems development, as well as experience in auditing business applications.
15% Strong critical thinking, analytical and organizational skills
15% Strong written and oral communication skills, including ability to write clear and concise audit recommendations and reports
5% Working knowledge of Lotus Notes, Microsoft Office Suite (Excel, Word, PowerPoint) and IDEA and/or ACL.
To perform this job successfully, the candidate must be able to perform each essential duty to management's satisfaction. The requirements listed below are representative of the knowledge, skills and/or abilities required.
Preferred Previous Work Experience:
Minimum 5-7 years IT Audit experience, preferably with a bank or financial institution. A strong understanding of risks and controls within a technical environment is required, as well as the ability to document and test these controls.
The candidate should have a strong working knowledge and background in a combination of the following technical areas: desktop operating systems (Windows/Active Directory), client/server operating systems (AIX, Linux) networking (firewalls, IPS/IDS, local/wide/metropolitan area networks), database management systems (Oracle, SQL Server), Middleware (MQ), virtualization (VMWare), storage area networks. In addition the candidate should have experience in auditing non-technical areas including Information Security, IT Governance, and systems development and have experience in performing audits of business applications.
The ability to multitask and work in a team environment is crucial.
Bachelor's Degree in MIS or some other computer related field. CISA and/or other relevant certification is preferred.