Senior Information Technology Auditor

Senior Information Technology Auditor

Horace Mann, honored as “Best Places to Work in Central Illinois" is a service and results oriented, multi-line insurance company and one of Springfield’s top employers. We offer an excellent benefit package that includes a generous vacation policy, a company pension plan and a company 401(k) plan. Qualified applicants may apply online at www.horacemann.com. Select Career Opportunities, click on Home Office Opportunities and follow instructions on the screen.

Committed to EEO and diversity in the workplace

Job Description:

Internal auditing is an independent, objective assurance and consulting activity chartered with helping the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of internal controls, operational processes, and governance activities.

·  The Sr. Information Technology (IT) Auditor performs - specialized auditing involving a broad range of Information Technology and operational functions.

·  Plans and manages complex audits and performs critical project management duties in leading, organizing, scheduling, reviewing, and reporting on the work of auditors and teams.

·  Provides support and expertise in IT and operational auditing standards and assists the IT Audit Manager in the execution of the IT Audit Plan coupled with support in designing the overall IT Audit Plan for achieving Internal Audit's goals.

·  Performs the Information Technology Annual Risk Assessment and IT Audit Plan development, leads and performs technology and other operational audits, and the execution of Sarbanes Oxley Section 404 requirements (as relates to IT) and special projects.

Accountabilities:

·  By November 1 of each year, support the IT Audit Manager in the development and documentation of the IT risk assessment presentation for the VP & Director of Internal Audit that includes key areas of Information Technology risk and related Audit Plan for inclusion in the following year's Annual Audit Plan. The presentation should include general IT controls (security, IT operations, change management, and life cycle) as well as specific application and recommended process reviews.

·  Develop under the direction of the IT Audit Manager the audit program for Information Technology audits, lead the audits, identify root causes of control weaknesses, and draft the report to management and the Audit Committee of the Board of Directors documenting those findings. Further, develop and present the initial findings to Senior Management and work with management to develop solutions that provide the appropriate level of internal control with consideration of operational efficiency and effectiveness. Depending on the size of the audit, the Sr. Information Technology Auditor supervises other Internal Audit staff or consultants to complete the audit work.

·  Develop under the direction of the IT Audit Manager the risk framework for the IT Division as it relates to compliance with Section 404 of the Sarbanes-Oxley Act. Identify key controls that are in place within the Horace Mann environment that mitigate the risks identified. Validate the risks and controls with IT Management. Test the key controls identified to ensure and verify that they are working as intended. Report to management on those controls that are not working as intended and work with them to recommend solutions that provide the appropriate level of internal controls with consideration of operational efficiency and effectiveness.

·  Develop and implement a continuous audit plan that directly tests the integrity of processing and the reliability of underlying internal controls, and gather and analyze related test data. This allows exceptions to be identified on a timely basis and reviewed for appropriate handling.

·  Assist in "non-Information Technology" audits to test key controls where the key controls are located within the Information Technology Division infrastructure. Provide on-going training to non-IT auditors so that integrated audits are completed and they understand the relationship of IT processes, risks and controls to the overall process under audit.

·  Perform reviews of new or changed IT systems to identify process and control gaps
prior to them becoming a "real" issue subsequent to the system's implementation.

·  Develop and document Computer Assisted Audit Techniques (CAAT's) to extract and manipulate data from complex computer systems and to facilitate substantive testing procedures (i.e. passport, access, VB).

Requirements:

·  5-7 years of relevant IT experience with 3-4 years experience in Internal or External

Audit as an Information Technology Auditor.

·  Candidates must have a track record of advancement through progressively challenging assignments and professional roles.

·  Experience in insurance, financial services, or other highly regulated organizations (e.g., Sarbanes-Oxley) desired but, not required. .

·  Candidate must possess a Bachelor's degree in computer science, information systems, or a business degree coupled with relevant technical experience.

·  A Master's degree in a relevant field of study is preferred.

·  Candidate should also possess at least one of the internationally recognized IT auditing credentials — CISA, CISM, or CGEIT.

·  Additional IT or risk management certifications are considered a plus (e.g., CISSP, CFE, CBCP, PMP, ITL, etc.).

·  Candidates should have a demonstrated ability to work with diverse constituents in a team environment.

·  Advanced knowledge of IT Audit standards, methods, and tools.

·  Proven technical knowledge beyond general controls including breadth of knowledge to support IT Governance, IT Security, application, networking, and database audits.

·  Proven confidentiality, integrity and objectivity

·  Demonstrated analytical thinking and problem solving

·  Ability to provide directions and oversee execution of audit tasks and plans

·  Work paper documentation leading standards

·  Demonstrated personal initiative

·  Strong interpersonal skills and the ability to influence various constituencies

·  Working knowledge of applicable Insurance Industry Standards and Regulations and applicable Information Technology risk management and controls guidance (e.g., COBIT, NIST, ItIL etc.)

·  Strong written and verbal communication skills

·  Must be able to develop and maintain effective working relationships with others, to

include internal and external clients, as well as, work in a team environment

·  Strong Audit / project management; leadership, coaching, and mentoring

·  Demonstrated supervisory skills in the event oversight is needed for general controls auditing being conducted by an auditor or staff auditor

·  Must be eligible to work in the United States without employer Sponsorship.