Audit (IT) Manager
Metropolitan Transportation Authority · New York, NY · 2 wk ago
On-siteAccounting$125k/yrOther
Responsibilities
- Lead Risk-Based IT Audits: Plan and execute IT audits covering general controls, application controls, cybersecurity, cloud (IaaS/PaaS/SaaS), identity and access management, network and endpoint security, databases, and data governance.
- Assist and support the Director/Assistant Auditor General in the performance of their duties, and in the absence of the Director, act on the Director's behalf in all matters related to that unit's activities.
- Coach, counsel, advise, and assist in the professional development of audit staff, as required.
- Audit Planning & Scoping: Develop risk-based engagement-level audit plans, define objectives and scope, perform preliminary risk assessments, and establish detailed testing programs.
- Control Testing & Analytics: Design and perform control tests using appropriate sampling and data analytics (e.g., ACL, IDEA, SQL, Python) to increase coverage, depth, and efficiency.
- Frameworks & Compliance: Assess control maturity against NIST, COBIT, ISO 27001, ITIL, and relevant regulatory requirements (e.g., SOX where applicable, privacy/security mandates).
- Cloud & ERP Focus: Evaluate controls in major systems (e.g., AWS/Azure, enterprise applications/ERPs), including change management, configuration, interfaces, and data integrity.
- Cyber & Third-Party Risk: Perform audits of cybersecurity controls, incident response, vulnerability/patch management, and third-party/vendor risk, including contractually required controls and service level compliance.
- Issue Management: Identify root causes, quantify impact, recommend pragmatic remediation, and track management action plans to timely closure; escalate risks appropriately.
- Reporting & Communication: Draft clear, concise audit reports; present findings and recommendations to IT and business leaders; prepare materials for senior management and Board-level committees as requested.
- Stakeholder Engagement: Build collaborative relationships with key stakeholders from Information Technology, Legal, and other agency leadership; translate complex technical issues into business terms and actionable steps.
- Quality & Standards: Ensure audits comply with the IIA's International Professional Practices Framework (IPPF) and internal methodologies; and, contribute to methodology updates and audit tool optimization.
- Team Leadership: Supervise auditors; provide coaching, on-the-job training, performance feedback, and professional development; foster a culture of integrity, curiosity, and continuous improvement.
- Continuous Auditing/Monitoring: Implement continuous auditing/monitoring and data-driven risk indicators to proactively detect anomalies and emerging risks.
Qualifications
- Demonstrated ability to work with all levels of the organization.
- Excellent analytical and business judgment skills.
- Proven ability to manage multiple projects simultaneously in a fast-paced environment.
- Understanding of professional audit practices, including audit program and workpaper development.
- Excellent communication and interpersonal skills.
- Bachelor’s Degree in Arts/Sciences (BA/BS) Accounting, Business Administration, Computer Science, Information Technology, or a related field; an equivalent combination of education and experience may be considered in lieu of a degree.
- Minimum 8 years Satisfactory full-time experience conducting IT audits in internal audit, public accounting/consulting, or a similar role within a complex organization.
- Minimum 1 year of Prior information technology or computer systems experience.
- Minimum 1 year of Supervisory/lead experience managing audit projects and mentoring staff.
- CIA, CISA, or CPA, and supervisory/lead experience managing audit projects and mentoring staff within 1 Year.