Summary - Conduct internal audit activities within the organization, including providing independent, objective assurance and consulting activity designed to add value and improve the organization's operations. - Internal audit is intended to assist the organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. - Internal Audit is accountable for developing and implementing a risk-based internal audit plan, assisting management in complying with applicable internal control policies and regulations, and working with management to bring cost effective and efficient leading practices. - Internal Audit has the authority to perform internal audit and consultative services, have access to necessary data when requested, obtain assistance of Authority personnel as needed. - Activities may include audits of financial, operational, IT, compliance/regulatory, or strategic business functions and related risks and controls. May also include execution of special investigations/audits involving cases of fraud, waste, and abuse and/or ethical/regulatory complaints. - Operate as ambassador and champion of the Internal Audit vision and strategy by demonstrating support and actively communicating with the audit team and the business. Responsibilities
- Execute IT internal audit engagements using IA methodology, build relationships with clients, identify client concerns, and lead interactions in an organized, collaborative, and knowledgeable manner.
- Create high quality deliverables, including planning documents, audit programs, walkthroughs, process flows, document work papers, observation sheets and first draft reports , within established timelines and budgets.
- Identify key risks and internal controls, develop or review audit programs, risk and control matrices, and perform or review detailed tests of controls.
- Develop and execute data analysis routines and visualize and interpret the results.
- Document audit observations including root cause, risk or exposure, and recommendations for solutions.
- Benchmark IT operational processes and controls, identify process improvements, and partner with leadership to communicate observations to senior management and auditees.
- Lead, coach, and mentor team members.
- Remain current on IT and utility industry trends and strategic initiatives and share with the team.
Knowledge, Skills and Abilities
- Thorough familiarity with Information Systems auditing concepts and techniques.
- Knowledge of COBIT, NIST, ITIL, Center for Internet Security (CIS)COSO, and IIA Standards.
- Ability to plan, organize, manage time and deadlines, and execute large complex audits.
- Ability to acquire, analyze and interpret large volumes of data to identify potential audit issues and develop practical recommendations
- Strong verbal, written and presentation communications skills.
- Proficient in Microsoft Word, Excel, PowerPoint, and Visio.
Education, Experience and Certifications
- Bachelor's degree.
- Minimum four years of Information Systems Technology audit experience.
- CISA is required.
- Experience auditing some of the following: SAP, Windows, UNIX, Oracle, SQL, LANs, WANs, Internet/Firewalls, Network Security and Infrastructure, Cybersecurity.
Physical Requirements Approximately 15 - 20% travel primarily within New York State.