- Manchester, England, United Kingdom
- Permanent, Full time
- BNY Mellon
- 17 Oct 17 2017-10-17
Internal Audit's mission is to contribute to the effectiveness of the Company's internal controls by providing independent, risk-based assurance reviews designed to identify control risks, risk mitigants, control gaps, and opportunities to improve efficiency. The BNY Mellon Group Internal Audit function has a number of locations internationally across the US, EMEA and APAC regions.
~~Job Purpose: (What the job role involves)
Internal Audit carries out independent reviews across all areas of management activity, including ad- hoc reviews at the request of management, involvement in key projects and reviews of systems under development, and formally reports findings with recommendations to the Audit Committee, Executive, Senior and Line management across the BNY Mellon Group.
The department is responsible for reporting on risks and the control environment across all areas of the business and the support functions to senior management Globally and to provide management with reasonable assurance that operating controls are adequate and effective.
Responsibilities: (Key parts to the job role)
• •Lead and execute the testing of technology processes as per Audit policies, methodologies, and standards, primarily covering strategic high risk development programs.
• •Operate effectively as a team member, or independently, and take responsibility for specific procedures and results as agreed upon with his or her manager in relation to technology audit work.
• •Work with business audit colleagues and undertake integrated audits providing technology audit coverage of business applications and associated technology controls.
• •Communicate effectively with clients and audit team members; interacting effectively with senior managers, Audit team members and other stakeholders
• •Take ownership of the projects or other work assigned and ensure that audits are carried out correctly and in a timely manner.
• •Contribute to the planning stage of an audit, identifying and defining project scope using a risk based approach and developing appropriate risk based project audit work programs,
• •Able to take a pragmatic approach based on risk / controls.
• •Document systems and support processes, conduct interviews and reviews and analyse evidence obtained
• •Evaluate project controls and work collaboratively with management to identify actions needed and then follow-up and validate sustainable resolution of issues on a timely basis.
• •Conduct data extraction, analysis, and security reviews utilising software tools (when applicable).•Identify, develop, and document audit issues and recommendations using independent judgement concerning areas being reviewed.
• •Prepare audit reports / dashboards.
• •Manage people on discrete projects on a consistent basis with little oversight when 'Auditor In Charge'.
• •Complete tasks efficiently (on time, on budget, accurately).Learn new technology, businesses, processes and regulations effectively and quickly.
• •Engage in relevant training regarding audit, technology, businesses, financial controls, regulations.
Requirements; (what we are looking for)
• Qualifications: Qualified IT Auditor (QiCA or CISA) with relevant experience in technology audit, preferably including Financial Services experience.
• Experience of auditing complex high risk change projects.
• Skilled in conducting detailed technology audit: collecting and analysing complex data, evaluating information and systems, and drawing logical conclusions.
• Knowledge, and detailed experience of, application technology controls, general computing controls development environments, user acceptance testing, change management and end user computing controls.
• Knowledge of operating system technology (i.e. Unix and Windows), databases (e.g. SQL & Oracle), Web-based technology, and basic infrastructure control issues.
• Experience in assessing IT infrastructure control environments in both mainframe and distributed platforms
• Strong interpersonal skills for performing auditee interviews, negotiating issues and resolving problems.
• Ability to self-motivate and able to take ownership of tasks allocated, with limited supervision over once understanding of our methodologies.
• Working knowledge of generally accepted IS audit standards, statements and practices, and IS security and control practices (e.g. ITIL, COBIT, FFIEC, ISO27001, Prince/PMP). Working knowledge of perimeter and infrastructure security would be advantageous.
• Knowledge of the financial services industry and its regulations and laws would be an asset.
• Experience in real time audit of complex high risk change programs, taking responsibility from planning to reporting and issue follow-up