Assesses the adequacy of controls within the Technology environment. Performs all aspects of technical audits of IT internal control practices, including, but not limited to; security, infrastructure, network, business systems, business operations and managed solutions. Acts as a liaison between Auditing and Consulting Services and the Technology Division in the procurement of system related services.
REPORTING/WORKING RELATIONSHIPS :
Reports to the Manager, Information Systems Auditing from whom overall direction is received. May receive direction from the Director, Auditing and Consulting Services.
ROLES AND RESPONSIBILITIES:
Acts as a consultant for management regarding effective information technology controls. Plans and executes IT general, application, network and infrastructure internal controls reviews. Areas reviewed include, but are not limited to, architecture and configuration settings, application functionality, systems development approaches, change management procedures, system administration and support processes, network (LAN/WAN, Wireless, VPN) and technology infrastructure. Conducts pre and post implementation reviews.
Responsible for assisting operational auditors in those aspects of their engagements that are information system oriented.
Assesses risks associated with information systems and assists the Manager, Information Systems Auditing and the Director, Auditing and Consulting Services, in the development of the annual IS audit plan.
Establishes engagement scopes and objectives, determines procedures to be applied and performs all phases of an engagement in accordance with the approved program, based on the assessed level of risk.
Reviews operations of departments to verify the effectiveness of internal controls over business processes (i.e., computer operations, data library, security, systems development and maintenance, controls in operating software, selection procedures and contract negotiations). Reviews controls related to the administration of the network infrastructure (i.e., security, firewall, backup, monitoring, asset management, physical security, testing and disaster recovery/prevention). Reviews end-user computing to evaluate the adequacy of controls and assists end-users in the development of new or expanding applications
Reviews systems projects on an ongoing basis to verify control standards have been developed and are functioning (i.e. cost/benefit, project plans, project structure, status reporting and testing).
Represent Auditing and Consulting Services on organizational project teams, at management meetings, and with external organizations.
Analyzes Company records to determine compliance with established policies and procedures.
Acts as a liaison with IT business partners to ensure full understanding of business strategy, business processes, data flows, data integrity and data security.
Makes oral and written presentations to Management during and at the conclusion of an engagement, discussing results, associated risks and proposed recommendations for improving the efficiency and effectiveness of operations and the related control environment. Maintains effective business relationships throughout the Companies and related professional organizations.
Performs follow-up procedures and reports on the adequacy of actions taken to correct previously noted conditions.
Actively participates in the overall management of the Department by suggesting improvements to operational and administrative procedures.
Maintains proficiency through continuing education, training and other avenues of professional development.
Participates by adding value to the coordinated internal/external audit effort and provides assistance during examinations performed by regulatory agencies.
Performs other duties as assigned by management.
Requires a baccalaureate degree, preferably with a combination major/minor in computer science, information systems or a related field. Degrees in other business disciplines may be considered if other qualifications are compensatory.
Requires a minimum of 3 years IS auditing experience or the equivalent working experience in the information system profession.
Knowledge / Skills:
Requires the ability to assess the effectiveness of internal controls over key IT risks, identifying significant exposures, analyzing transactions and other management information and detecting changes in key risk and/or control effectives. Skill in developing appropriate recommendations to address exposure.
Must have varied knowledge of IT core technologies, IT operations and core business application including such areas as distributed and mainframe environment (Windows, z/OS, AS400), relational databases (DB2, Microsoft SQL), web-based applications, cloud computing, network and infrastructure technologies.
Requires the ability to work with and maintain confidential information. Must work within the guidelines of the Indiana Farm Bureau Insurance audit approach.
Requires effective oral and written communication skills.
Must have a working knowledge of data analytical tools (i.e. ACL).
Prefer experience in using forensic tools such as FTK and assisting in the conducting of internal fraud investigations.
Must acquire a thorough understanding of the COMPANIES’ general philosophy and objectives, organizational structure, personnel policies, operating methods, procedures and systems.
Must fulfill responsibilities with professional proficiency as defined in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors.
The completion of a job related professional designation (CISA, CISSP) is highly desirable.
The pursuit of an insurance designation (CPCU, FLMI, CLU, etc.) is encouraged.