Information Technology Auditor

About Northern Trust:
Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation since 1889.

Northern Trust is proud to provide innovative financial services and guidance to the world’s most successful individuals, families, and institutions by remaining true to our enduring principles of service, expertise, and integrity. With more than 130 years of financial experience and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service.

Department:
Founded in Chicago in 1889, Northern Trust is one of the world’s leading financial institutions. We specialize in providing asset servicing solutions and asset management to both institutional and personal clients. The delivery of products and services to this client base is supported through a network of offices around the globe.

Role:
The Auditor, Information Technology (IT) is responsible for conducting and documenting audit examinations throughout Northern Trust Corporation. The role is a direct report to the Audit Manager, IT, and is responsible for completing the audit within the stated budget, timeframes, and in accordance with the Audit Services Department Policies and Standards. The IT Auditor provides input to improve operational efficiency and/or to enhance the design or operating effectiveness of the internal control environment. The role also provides technical and auditing expertise, training, and coaching, to auditors during the audit engagement.

Principal Responsibilities:

- Functions in various roles on audit engagements, including leading audits, staffing audits and providing consulting or oversight functions based on the needs of the team
- Manages and performs special projects as needed
- Follow up and perform validation of remediation activities to ensure audit issues are effectively resolved
- Communicates with partners at all levels, across various business units
- Utilizes understanding of various Corporate units and their functions to ensure operations, services, and systems have proper audit controls in place (i.e., design of the control environment)
- Evaluate technology processes, technology controls for design and operating effectiveness
- Applies analytical skills to review information and determine potential control weaknesses
- Develops a thorough understanding of the Northern Trust Audit Methodology and adheres to all applicable Department Standards
- Completes and compiles a high-quality summary of findings and recommendations for review in a concise and professional manner
- Works closely with unit managers to devise specific technology related audit tests
- Responsible for staying current on regulatory requirements and technological changes within the industry

Skills/Knowledge
- Certified Information System Audit (CISA) certification is preferred. Additional certifications such as Certified Information Systems Security Professional (CISSP), or other related certifications is a plus
- Knowledge of audit procedures and technical security and control standards usually obtained through related work experience and a four-year degree program is required to perform system audits
- Knowledge and awareness about the NIST 800-53 controls, NIST Cyber Security Framework, SANS and Center for Internet Security (CIS) is a plus
- Knowledge of technology controls around Cloud Computing reviews - AWS, Azure and Google cloud is a plus
- Solid understanding of ITGC and related processes (e.g., Configuration Management, Vendor Management, Access and Identity Management)
- Understanding of Information Technology Service Management (ITSM) controls (e.g., Incident Management, Change Management, Problem Management)
- Skills as needed to perform testing of information security and cybersecurity controls (e.g., Vulnerability Management, Incident Response, Network Security)
- Analytical and organizational skills are necessary to conduct audits
- Strong issue writing and workpaper documentation skills
- Knowledge of systems and databases such as Windows, UNIX, MS SQL and Oracle is an advantage
- Knowledge of the network devices (e.g., routers, switches, firewalls and load balancers is a plus

Required Experience
- Minimum of 4-6 years of auditing and systems experience
- A College or University degree is preferred and/or entry level auditing experience in a financial institution
- Specialized technical audit or related experience is preferred
- Experience with auditing procedures and technical security concepts
- Self-starter with an ability to self-motivate
- Excellent verbal and written communication skills
- Highly numerate with strong organizational and problem-solving skills with attention to detail
- Ability to proactively assess issues, identify solutions and problem solve
- Ability to react and respond on a timely basis
- Ability to adapt and react positively in a changing and dynamic work environment