Principal Internal IT Auditor
12/12/2025
Manage and execute risk-based operational, IT, and regulatory internal audits, ensuring compliance with established policies and regulations. Provide recommendations for improvement and assist in the development of the annual audit plan.
Salary
100000 - 126000 USD
Working Hours
40 hours/week
Company Size
201-500 employees
Language
English
Visa Sponsorship
No
Description
About BankFund:
BankFund Credit Union is a full-service financial cooperative that was organized and chartered in 1947 as a convenient place for employees of the World Bank Group and International Monetary Fund and their families to save and to obtain credit. Located in Washington, DC, BankFund maintains three full-service branches downtown with our headquarters located near Farragut West metro station. This position is classified as a hybrid role which means that on-site work will be expected. After completion of training for the role, staff generally work on site 40% of the time but this is subject to change based on health and safety standards and operational need.
Summary:
Provides objective assurance and advice that adds value as part of a high performing, highly engaged Internal Audit team comprised of internal staff and co-sourced resources. Includes recommending change that enhances internal control, governance or risk management processes. Assists the organization in achieving its objectives by evaluating the effectiveness of governance, risk management, and internal controls, to meet operational objectives, comply with regulatory requirements, and execute the organization’s overall strategy. Identifies business process improvement opportunities and makes recommendations to improve performance.
Responsibilities:
- Manage staff to plan, coordinate, execute, and report risk-based operational, IT, and regulatory internal audits in accordance with the Internal Audit charter and the approved audit plan. Audit observations are discussed and agreed upon with senior management and included in audit reports that are written by the Senior IT Auditor and issued to the Supervisory (Audit) Committee, Executive Management, and applicable front-line management.
- Design, develop, direct, and execute audit engagement programs (including identifying appropriate data analysis techniques for audit procedures and/or analytical comparisons that may identify potential issues) to evaluate management controls over all BankFund operations and the effectiveness of management in their stewardship of the organization’s resources and compliance with established policies and regulations.
- Design, develop, direct, and execute audit reviews of BankFund IT systems, IT risk management, data security applications, and other business processes and controls, governance practices, and provide recommendations for improvement where necessary. Lead integrated audits that span IT infrastructure, business functions and enterprise applications, and recommend improvements to enhance security, risk management, and operational efficiency.
- Establish and maintain relationships with leaders and staff as needed within the assigned business lines regarding technology and operational audit activities.
- Direct and review the work performed by staff-level auditors and provide continuous coaching and feedback. Provide mentoring, insight, and support to aid staff in professional development.
- Utilize advanced data analytics techniques where applicable to plan / scope audits as well as during project fieldwork. This includes analyzing data to identify trends to determine key areas of audit focus and further investigation. Results of data analytic procedures are also included in audit exit packages and final reports, where applicable.
- Assist in planning and executing an annual Internal Audit Risk Assessment to develop the annual audit plan, including researching organizational and industry trends to rank and prioritize inherent and residual risks to the organization and develop a comprehensive audit plan. Incorporate technology and data-centric risk factors into the plan.
- Assist the Internal Audit Manager in creation of monthly/quarterly Supervisory (Audit) Committee packages to discuss audit results, the status of current audit projects, and the implementation of outstanding prior audit observation remediation efforts.
- Monitor the status of prior audit observations and follow up with management to document the completion and implementation of audit and/or exam recommendations.
- Coordinate internal audit activities with the outside opinion auditors, the NCUA examiners, and any other required audit/exams.
- Assist the Vice President and Manager of Internal Audit in creating and managing the budget and level of effort performed by the Credit Union’s internal audit co-source provider.
- Assist the Internal Audit Manager in maintaining accountability for Internal Audit’s audit management software, including the preparation, approval, and maintenance of workpaper documentation.
- Monitor the status of all prior audit observations and follow up with management to document the completion and implementation of Internal Audit’s recommendations.
- Stay abreast of developments in business, including strategic plans and initiatives as well as changes in the regulatory and business environment. Track changes in cybersecurity, data privacy, and evolving technology risks.
- Always maintain auditor independence (in fact and appearance) and a professional and positive attitude.
- Successfully participate in annual Information Security refresher training. Comply with the Information Security Policy, including the immediate reporting of unusual or suspicious activity to management and the Information Security Officer. Follow all procedures to protect company computers from viruses, and to maintain the security and confidentiality of Credit Union data.
- Participate in annual Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC) training and demonstrate knowledge and understanding of the BSA and OFAC, including the immediate reporting of unusual or suspicious activity to the Risk Management Department. Undertake additional training specific to daily responsibilities and as required to ensure continued compliance with all applicable regulations.
- Ensure the Credit Union’s safe harbor protections as allowed by the BSA. Understand that if confronted with knowledge of existence of a Suspicious Activity Report (SAR), an obligation exists to preserve the confidentiality of that SAR, as well as any information that may reveal the existence of a SAR. Maintain awareness of, and immediately report to the Compliance Officer, any unauthorized disclosure of a SAR, or unauthorized disclosure of information related to a SAR. Understand that failure to do so is a violation of federal law and may lead to both civil and criminal penalties for SAR disclosure violations.
- Maintain professional certifications via completion of Continuing Professional Education courses.
- Lead the development and integration of continuous auditing and data monitoring techniques when such opportunities arise.
- Demonstrate commitment to the Credit Union’s IMPACT philosophy.
- Coordinate third party audit document requests and contribute to conversations under the supervision of the Vice President of Internal Audit and / or Internal Audit Manager.
- Undertake other work-related duties as assigned by the Vice President of Internal Audit and/or the Internal Audit Manager.
Requirements
Education:
- B.S. Degree in Information Systems, data analytics, computer science, or other relevant majors; or equivalent combination of education and experience.
- Master’s Degree in technology-related field preferred.
Professional Qualifications:
- Minimum of 5 years of relevant experience to independently evaluate IT general controls over security processes, infrastructure, network, applications/software, cloud services, and databases according to established timetables and requirements
- Professional certification, such as CISA, CISM, CISSP, or CIA with IT audit experience
- Applied knowledge of the principles and practices of internal auditing
- Understanding of key U.S. and global financial services regulations and regulatory developments relevant to IT risks and controls
- Fundamental understanding of risk management frameworks (COSO, COBIT, etc.), internal control practice directives, and experience in applying them to perform evaluations of various operations functions
- A solid understanding of IT systems, technologies, and security principles. Knowledge of project management, and agile auditing techniques.
- Experience conducting IT audits (e.g., network security, cloud, Information Technology General Controls, application audits) and performing data analytics on large datasets.
- Fundamental understanding of risk management frameworks, internal control practice directives, and experience in applying them to perform evaluations of various operations functions
- Demonstrated analytical and problem-solving capabilities; experience with data analytics software a major plus (e.g. Power BI, ACL, IDEA, Arbutus, Tableau (Desktop, Server, Prep), etc.)
- Experience and subject matter expertise with financial service-specific core, lending, or any other key operational software a plus.
- Strong interpersonal, written, and verbal communication skills with the ability to interact with all levels of the organization, advise on audit trends, mentor others and influence change
Additional Qualifications:
- Advanced written and verbal communication skills and presentation skills
- Demonstrated analytical and problem-solving capabilities
- Highly motivated, organized, and energetic with collegial work style
- Demonstrated integrity within a professional environment
- Ability to build a strong rapport and earn the respect of business owners
- Manage staff to achieve quality results
For internal purposes, this position is graded as Exempt-12.
The anticipated annualized base salary range for this position is $100,000 to $126,000. Final base salary for this role will be based on the individual’s job-related experience, skillset, training, certifications and market demands. The benefits available for this full-time position include but are not limited to: medical, dental, and vision insurance, 401(k) plan, life insurance coverage, disability benefits, tuition assistance program and paid time off, including paid parental leave benefits. In addition to base salary, this role is eligible for an annual incentive plan.