Description
Join our team as a Technology Senior Auditor, providing internal assurance and advisory activities over IT infrastructure, application controls, cybersecurity, operational resilience, risk management, outsourcing and governance processes supporting FCE's operations. A critical component of this role is auditing shared IT services and assessing the effectiveness of intra-group outsourcing arrangements.
As a Technology Senior Auditor, you will plan, lead, and execute assurance and advisory audit engagements. You will perform detailed testing and analysis to evaluate the design and operating effectiveness of internal controls. You will liaise with and oversee the work of co-source audit partners. You will evaluate technology against UK and European financial regulations such as Digital Operational Resilience Act (DORA), EBA Guidelines on outsourcing, FCA and PRA regulations and guidelines relating to Operational Resilience and Outsourcing and Third-Party Risk.
You will prepare and present audit results and reports to senior management. You will review, approve and follow up on corrective action plans taken by management in relation to audit findings. You will maintain an awareness of changing technology and associated risks, audit best practices and new or emerging regulations and critically assess their impact on FCE and its control environment.
You will build and maintain key relationships with stakeholders and colleagues. You will contribute to the development of the risk audit universe which provides input into the annual risk-based audit plan.
Required skills and qualifications include a Bachelor's degree in computer science or related field, at least five years of IT audit experience, ideally within a regulated financial services environment, experience of working on both technology and business-hybrid audits including cyber security, IT infrastructure and applications, relevant technology and/or audit certification (CISA, CISSP, CISM or similar), good knowledge of cyber security and IT infrastructure controls that include Identity and Access Management, Data Protection, Change Management, Incident Management, Business Continuity, Cyber Resilience/Response, Cloud Computing, Operating and Database Management Systems, good understanding of industry security frameworks (e.g. NIST, ISO 27001, COBIT etc.), familiarity with UK and European regulatory frameworks, knowledge of intra-group outsourcing and shared service centre audit, personable, enthusiastic, self-motivated with the ability to communicate clearly, concisely and candidly both verbally and in written form, and global travel may be required.