IT Audit Lead
Position Overview
The IT Audit Lead will support the execution and enhancement of the Technology Risk & Control Self-Assessment (RCSA) program. This individual will facilitate RCSA workshops, assess risks and controls, identify documentation and control gaps, enhance control language, review testing procedures, and partner with Technology and First Line of Defense stakeholders to drive remediation efforts.
Key Responsibilities
- Facilitate RCSA workshops, document outcomes, track action items, and drive issues to resolution.
- Review risk and control documentation against established standards and identify gaps, inconsistencies, and remediation opportunities.
- Evaluate and enhance control descriptions to improve clarity, testability, and audit readiness.
- Review control testing scripts and recommend improvements to ensure alignment with control objectives and evidence requirements.
- Support technology control testing activities, including evidence review, exception tracking, and validation of results.
- Maintain Risk & Control Matrices (RCMs), process maps, and related governance documentation.
- Ensure traceability across RCSAs, controls, testing procedures, issues, and change records.
- Partner with Technology, Risk, Compliance, and First Line stakeholders to strengthen control effectiveness and governance practices.
Required Experience
- 8+ years of experience in IT Audit, Technology Risk, IT Controls, Operational Risk, Risk Governance, RCSA, or Control Testing.
- Strong understanding of RCSA methodology, risk assessments, control design, testing, issue management, and remediation.
- Experience facilitating workshops and partnering with Technology, Risk, and Control stakeholders.
- Proven ability to assess risk and control documentation and identify improvement opportunities.
- Experience enhancing control language and reviewing control testing procedures.
- Knowledge of Risk & Control Matrices (RCMs), process mapping, control frameworks, and governance processes.
- Experience within financial services, banking, or highly regulated environments.
Preferred Experience
- Experience with technology control domains including: Access Management, Change Management, Cybersecurity, Infrastructure & IT Operations, Data Protection, Third-Party Technology Risk.
- Experience with preferred certifications: CISA, CRISC, CIA, CISM, CISSP, CGEIT, COBIT, ITIL, ISO 27001, or equivalent risk/control certifications.
Benefits
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our ‘Welcome Packet’ as well, which an Everforth Apex team member can provide.