AT&T Lead IT Auditor in St Louis, Missouri
Overall Purpose: Responsible for performing risk assurance and advisory engagements to analyze and assess the company’s technological infrastructure to identify, report, recommend and validate audit corrective actions that enable processes and systems to run accurately and efficiently, while remaining secure and meeting compliance regulations.
Key Roles and Responsibilities: Performs technology risk assessments, identifies related technical and technology-dependent controls, defines assessment criteria, develops and executes technical test plans, identifies and reports deficiencies and recommendations, and performs follow-up on corrective actions, consistent with applicable professional standards required by the Audit Services Charter approved by the Board’s Audit Committee. Has advanced knowledge of IT governance and security frameworks (e.g., ITIL, NIST) and control frameworks (COBIT, COSO) and methodologies and may be a specialist in specific technology platforms or domains including operating systems, databases, information security, public/private cloud, code development methodologies, technology governance, etc. Utilizes a data-first audit approach, technology audit tools, and Computer Assisted Auditing Techniques (CAAT) to perform advanced analysis of company technology environments. Identifies opportunities for data-driven technology risk insights, continuous auditing, and robotic process automation. Develops findings and recommendations for incorporation into an audit report and presents results to Senior Management. Work product may be shared directly with the Audit Committee of the Board of Directors. May work in a limited role as an extension of the company’s independent auditors and/or on highly sensitive independent projects. May participate in audits in high-risk areas such as joint ventures, partnerships and subsidiaries.
Job Contribution: Exercises judgment within broadly defined practices and policies in selecting methods, techniques and evaluation criterion for obtaining results for technology-based risks. Operates primarily with a team as an individual contributor but may operate independently on an assignment basis. Project execution is critical to meet risk coverage and project commitments approved by the Audit Committee of the Board of Directors. Provides guidance to less experienced and non-technical team members.
Education: Typically a bachelors degree with information systems focus or equivalent combination of education and experience. CISA, CISM, CRISC, CISSP or other technology audit or advisory-related certifications preferred.
Experience: Typically requires 5-7 years of relevant experience.
We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status.