Position Summary: Under the direction of the IT Audit Manager, the IT senior internal auditor is responsible for the timely execution of audits of information security and distributed systems information technologies, processes, and related activities, risk-based internal audits in accordance with the annual audit plan, as well as assisting with other audit matters and projects. The IT senior internal auditor will perform tests of the company’s internal controls and processes to ensure that they are adequate, functional and adhere to regulatory requirements, established organizational policies and procedures and acceptable industry practices. Work performed will include coverage of critical areas of technology including operating systems, networks, and application processing environments and information security and identification and assessment of key risks and controls. The IT senior internal auditor may often direct and review the work performed by other internal audit personnel, including resources from the co-sourcing firm.
Prepare audit working papers in appropriate formats that clearly demonstrate the testing, objective, and work performed.
Demonstrate appropriate professional skepticism by asking clarifying questions and analyzing information presented by management.
Assess internal controls and identify deficiencies based upon analysis of the audit evidence prepared and develop recommendations to address the relevant risk.
Assists in developing and executing a risk-based audit program.
Assist in conducting internal audit risk assessment and the development of the annual audit plan.
Assist in developing internal audit scope, performing IT audits (e.g. IT General Controls reviews), analyzing and evaluating information technology (IT) security risks and controls and developing written reports of IT and business risks, control descriptions, findings, and IT risk reduction recommendations.
Collect and maintain sufficient supporting documentation of tests of control design and operating effectiveness and compliance with policies and procedures.
Assist internal audit management with periodic reporting to the Audit Committee and championing internal control and corporate governance concepts throughout the business.
Clear and concise communication of audit findings to management.
Work with management to develop agreed-upon action plans that will assist in meeting the company’s goals and objectives, while enhancing the overall internal control environment
Build and maintain relationships with business partners at the manager and staff levels.
Maintain current understanding of internal audit procedures and business risks associated with audited processes, including a current understanding of industry best practices regarding control environment, fraud prevention/detection, regulatory requirements, etc.
Assists in the tracking of testing results and remediation of findings as a part of an ongoing Internal Audit program.
May support departments in evaluating and recommending improvements to business practices, processes and control procedures.
Maintains a current understanding of stated procedures and policies, including operating systems, networks and application processing environments and information security issues.
Maintains a current understanding of and complies with Bank procedures and policies, including regulatory compliance issues related to Bank Secrecy Act, GLBA, and Safeguarding Customer Information.
Maintains a current understanding of industry “best-practices” regarding control environment, fraud prevention/detection, etc.
Maintains professional certification(s) and continue to develop and expand knowledge of the audit profession, information systems, bank regulatory issuances, our industry, and Company products and information through self-study, research, and continuing education efforts.
Performs other duties as assigned.
Education, Experience, And Other Skills Required:
Bachelor's degree in accounting, business, information systems or computer science preferred.
Minimum 3-5 years of IT Audit experience (related IT operations experience will be considered)
CISA, CISM, CISSP, CIA, PMP, CPA certification or Commissioned Bank Examiner designation
Expertise in IT risk and compliance areas such as IT/IS Internal Controls, End-User Computing, Application Security, Network Security, Business Continuity and Disaster Recovery, Mobile/Web-based applications, Change Management/SDLS, M&A Implementation, FFIEC guidelines, IT Privacy, IT Vendor Management, etc.
Understanding of internal auditing standards and knowledgeable regarding Sarbanes-Oxley Act (SOX), FFIEC, GLBA, AT501 and similar requirements.
Knowledge of the new COSO (Committee of Sponsoring Organizations of the Treadway Commission) 2013 control framework, Sarbanes Oxley and FDICIA.
Knowledge of information security management frameworks (e.g. COBIT, ITIL, NIST Cybersecurity Framework, etc).
Possess a thorough understanding of corporate IT-related trends, such as cloud computing, Agile project management, ITIL, DevOps, data loss & recovery, data analytics, GRC, business continuity, disaster recovery, and the current ERP offerings
Strong interpersonal skills and ability to work as team lead and a team member.
Ability to work independently, with limited required direction and guidance, and provide appropriate direction to other internal audit project team members.
Exhibit the leadership skills needed to sell ideas and obtain management buy-in for constructive change.
Tri Counties Bank, where we like our opportunities big and our lives balanced.
We're looking for people who want to make a difference - go getters committed to rolling up their sleeves to make things happen. It’s an approach we call Service With Solutions and it drives everything we do. It’s also why we’ve become a financial institution nearly $4.5 billion strong. A number that’s increasing ...thanks to our dynamic employee talent and deep resources. All of which is creating career growth that’s wide-open.
Established in 1975, Tri Counties Bank is a wholly-owned subsidiary of TriCo Bancshares (NASDAQ:TCBK) headquartered in Chico, California, providing a unique brand of customer Service with Solutions available in traditional stand-alone and in-store bank branches in communities throughout Northern and Central California.
The Bank provides an extensive and competitive breadth of consumer, small business and commercial banking financial services, along with convenient around-the-clock ATM, online and mobile banking access.
Tri Counties Bank has remained strong and profitable through a top-down commitment to its core values, sound business principles and responsible lending practices.
Our success is also based on our involvement in the communities we serve. The personal touch comes naturally to Tri Counties Bankers. You may recognize us at business, school and non-profit events, baseball games and local eateries, skiing in the mountains, boating on the lakes, and fishing the local streams.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities