Conduct internal audit activities within the organization, including providing independent, objective assurance and consulting activity designed to add value and improve the organization’s operations. Internal audit is intended to assist the organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit is accountable for developing and implementing a risk-based internal audit plan, assisting management in complying with applicable internal control policies and regulations, and working with management to bring cost effective and efficient leading practices. Internal Audit has the authority to perform internal audit and consultative services, have access to necessary data when requested, obtain assistance of Authority personnel as needed. Activities may include audits of financial, operational, IT, compliance/regulatory, or strategic business functions and related risks and controls. May also include execution of special investigations/audits involving cases of fraud, waste, and abuse and/or ethical/regulatory complaints. Operate as ambassador and champion of the Internal Audit vision and strategy by demonstrating support and actively communicating with the audit team and the business.
Execute IT internal audit engagements using IA methodology, build relationships with clients, identify client concerns, and lead interactions in an organized, collaborative, and knowledgeable manner.
Create high quality deliverables, including planning documents, audit programs, walkthroughs, process flows, document work papers, observation sheets and first draft reports , within established timelines and budgets.
Identify key risks and internal controls, develop or review audit programs, risk and control matrices, and perform or review detailed tests of controls.
Develop and execute data analysis routines and visualize and interpret the results.
Document audit observations including root cause, risk or exposure, and recommendations for solutions.
Benchmark IT operational processes and controls, identify process improvements, and partner with leadership to communicate observations to senior management and auditees.
Lead, coach, and mentor team members.
Remain current on IT and utility industry trends and NYPA-related strategic initiatives and share with the team.
Knowledge, Skills and Abilities
Thorough familiarity with Information Systems auditing concepts and techniques.
Knowledge of COBIT, NIST, ITIL, Center for Internet Security (CIS)COSO, and IIA Standards.
Ability to plan, organize, manage time and deadlines, and execute large complex audits.
Ability to acquire, analyze and interpret large volumes of data to identify potential audit issues and develop practical recommendations
Strong verbal, written and presentation communications skills.Proficient in Microsoft Word, Excel, PowerPoint, and Visio.
Education, Experience and Certifications
Minimum five years of Information Systems Technology audit experience.
CISA is required.
Experience auditing some of the following: SAP, Windows, UNIX, Oracle, SQL, LANs, WANs, Internet/Firewalls, Network Security and Infrastructure, Cybersecurity.
Approximately 15 – 20% travel primarily within New York State.