The Senior Technology Audit Manager conducts internal audit activities within the organization, including providing independent, objective assurance and consulting activity designed to add value and improve the organization's operations. Internal audit is intended to assist the organization in accomplishing its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Internal Audit is accountable for developing and implementing a risk-based internal audit plan, assisting management in complying with applicable internal control policies and regulations, and working with management to bring cost effective and efficient leading practices. Internal Audit has the authority to perform internal audit and consultative services, have access to necessary data when requested, obtain assistance of Authority personnel as needed. Activities may include audits of financial, operational, compliance/regulatory, IT or strategic business functions and related risks and controls. May also include execution of special investigations/audits involving cases of fraud, waste, and abuse and/or ethical/regulatory complaints. Operate as ambassador and champion of the Internal Audit vision and strategy by demonstrating support and actively communicating with the team and the business.
• Manage high quality, professional day-to-day planning, scheduling, execution, and reporting of internal audit engagements and projects within established timelines and budgets; provide overall guidance and direction of the team in conducting the entire audit engagement lifecycle from planning through reporting.
• Oversee engagement operations and address the occurrence of unanticipated issues, demonstrating flexibility assisting the team in prioritizing and completing tasks and communicating potential conflicts and recommended solutions to the Director Internal Audit – Technology and the SVP Internal Audit.
• Responsible for managing multiple highly technical and complex concurrent audit engagements and the overall evaluation of key risks and internal controls, approving audit programs/risk & control matrices, reviewing benchmarking of operational processes and controls, and communicating opportunities for efficiencies/performance improvement based on leading practice; work with the Director Internal Audit – Technology and SVP Internal Audit to communicate findings/recommendations to senior management and client personnel.
• Responsible for managing technology audit execution and engage third party technical expertise.
• Participate in annual risk assessment activities, as appropriate, including leading interviews and/or survey processes, approving audit plans and risk assessment templates as well as preliminary audit scope areas; work directly with the Director Internal Audit – Technology and SVP Internal Audit to validate auditable entities and risk factors and to develop the long-range risk assessment and audit plan.
• Support team in audit opening and closing meetings, as appropriate.
• Manage team in conducting testing procedures including, but not limited to, detailed tests of controls including sampling/confidence levels, analytical procedures, Computer Assisted Auditing Techniques (CAATs), and other audit procedures to address risks identified and to test internal controls; responsible for directing work conducted by audit engagement teams.
• Responsible for guiding and reviewing high quality deliverables created audit engagement teams using appropriate business and technical language, reviewing audit work performed and results by reviewing and approving work papers and validating audit issues clearly articulate issue/root cause, risk/exposure, and recommendations for improvement to substantiate audit results; responsible for directing work conducted by audit engagement teams.
• Oversee and review the drafting of internal audit reports and other audit deliverables, directing the work conducted by audit engagement teams.
• Responsible for approving documentation of processes and sub-processes in the form of walkthroughs (in a format that allows them to be reperformed), narratives, and flow charts for audit areas in scope as prepared by audit engagement teams.
• Manages team in conducting interactions with clients to validate the information/communication flow from the client to the audit team is efficient and effective; collaborate directly with clients and discuss client concerns through building solid relationships; and work with client in an organized and knowledgeable manner/actively oversee client discussions and meetings.
• Guide and direct the organization and maintenance of client documentation in a manner consistent with safekeeping practices.
• Use available technical resources and tools to research and expand one's sphere of knowledge to enhance audit value; remain up-to-date on industry trends and NYPA-related strategic intent while sharing the knowledge amongst the team where applicable; be a knowledge champion providing insights to audit engagement teams.
Knowledge, Skills and Abilities
• The level of job complexity is advanced; must have excellent managerial and administrative skills to simultaneously execute multiple complex audits. Demonstrated integrity, values, principles and work ethic.
• Excellent knowledge of Information Systems auditing concepts and techniques, including IT General Controls, with ability to apply to specific audit assignments.
• Excellent knowledge of COBIT, NIST, ITIL.
• In depth working knowledge of relevant auditing concepts and techniques and thoroughly familiar with COSO, IIA Standards.
• In depth working knowledge of GAAP, GAGAS, FERC, NERC, FASB.
• Knowledgeable of typical Internal Audit functions and operations.
• Thorough understanding of the electric utility industry including familiarity with current trends in marketing, rate setting and generation, transmission and distribution.
• Ability to manage teams in the identification and articulation of key risks and controls for processes and subprocesses, develop and execute audit steps for a variety of audits.
• Ability to effectively plan, organize, execute and supervise a variety of complex audits conducted simultaneously; ability to supervise various levels of auditors and develop their skills and provide leadership.
• Deep knowledge and application of audit concepts and techniques.
• Expert written and oral communication skills; requires critical thinking and analytical ability in accumulating and interpreting large amounts of data and information to identify audit issues and develop practical cost effective solutions.
• Excellent leadership to inspire and motivate others to perform well; ability to provide continuous performance feedback and encourage growth and development of staff.
• Provide creative input that will drive greater efficiency and value to the audit process; participate in the development of new internal audit processes and ongoing process improvements.
• Manage multiple senior auditors and auditors on audit engagements; ability to develop auditors and seniors and maintain their motivation while ensuring quality of work; ensure that team resources understand assignments, priorities and expectations and are held accountable for success.
• Exhibits a professional attitude and work ethic and has ability to interface effectively with peers and clients.
• Excellent understanding of sampling strategies and confidence levels and use of data analytics.
• Deep skills in execution of project management techniques and engagement closure.
• Strong/excellent negotiation skills.
• Demonstrated ability to thrive in a dynamic, fast-paced environment and manage multiple projects/resources simultaneously.
• High standard of ethics and professionalism.
• Strong interpersonal, written, and verbal communication skills.
• Excellent knowledge and experience with auditing tools such Microsoft Access, Word, Excel, PowerPoint, SharePoint and Visio.
||Education, Experience and Certifications
• Bachelor degree in MIS, Accounting, Finance, Business, or equivalent discipline.
• Minimum ten years diversified Information Technology experience with solid record of increasing responsibility, preferable from a combination of Big 4 and/or major corporation.
• Minimum of 8 years supervisory experience managing audit teams.
• CISA or CISSP required, MBA highly desirable, CIA, CPA, CISM, CGEIT, ITIL professional designation a plus.
• Experience auditing the following: SAP, Windows, Unix, Oracle, SQL, LANs, WANs, Internet/ Firewalls, Network Security and Infrastructure, Cybersecurity.
• Experience performing audits of business applications and conducting application reviews and system implementation audits.
• Experience with auditing tools such as IDEA, Audit Control Language (ACL) or IDEA and Tableau preferable.
• Approximately 15% - 20% travel primarily within New York State.
• The New York Power Authority is an Equal Opportunity Employer