- Job Title
- IT Auditor
- Job ID
- Farmington Hills, MI 48334
- Other Location
IT Auditor/Controls Analyst
This position will report directly to the GRC Manager and work collaboratively with the other parts of the company. The GRC Team also functions as an Internal Audit and Internal Controls department for the company and its three subsidiaries. The significant growth of the organization has prompted the need to expand the GRC team.
As a GRC team member, you will have the opportunity to support multiple processes including: Third Party Risk Management, Policy Management, Internal Controls, Third-Party Audits, Corporate Risk Management, and Issue Management.
+ Testing IT/Entity Level Controls to confirm whether controls are operating effectively and designed appropriately.
+Manage the process of control changes throughout the year including the yearly control certification process
+ Coordinate with Control Owners to provide audit evidence and resolve findings for Third-Party Audits
+ Assist with documenting, monitoring, enforcing, and reviewing policies, controls, processes, and procedures, coordinating policy enhancements with departments throughout the organization
+ Assist in supporting ODE’s current and future compliance related responsibilities (SOC, PCI-DSS, ISO, etc.)
+ Other responsibilities as assigned
Preferred Skills and Experience
· A bachelor’s degree in related field
· 0-2 years of experience in Internal Audit, Internal Controls, Risk Management, Compliance, Policy Management, Project Management, or Third-Party Risk Management, or applicable degree
· Familiar with IT internal controls
· Strong organizational and multitasking skills
· Excellent communication and detailed oriented skills
· Experience with common compliance standards (SOX, SOC, PCI-DSS, ISO, CCPA, etc.)
· Familiarity with IT security frameworks (ISO 27001, NIST, etc.) and general IT security concepts
· Familiar with reviewing SOC 1 & 2 reports
· Experience with AuditBoard, Agliloft, Microsoft Excel, SharePoint, or other tools to monitor and test controls and/or manage Third-Party Risk