Senior IT Auditor

The Senior IT Auditor is part of a highly collaborative team and supports audit activities across technology domains including application reviews. cybersecurity, IT risk management, enterprise architecture, infrastructure, and vendor management.

Success in this role requires strong audit execution skills and clear, confident communication, paired with an analytical mindset and comfort working across technology domains (e.g., IT risk, cybersecurity, cloud, applications, infrastructure).

The Senior IT Auditor is responsible for executing and documenting IT audit testing (including issue remediation testing) and assessing the soundness, adequacy, and compliance of IT processes, risks, and controls in alignment with MetLife policy and leading practices.

You'll collaborate closely with Internal Audit team members, audit stakeholders, and auditees/business management in an environment where every contribution is respected, and every perspective is heard.

How You'll Help Us Build a Confident Future (Key Responsibilities)

Lead assigned portions of audit engagements by driving your testing responsibilities forward-executing walkthroughs, sampling, control testing, and drawing conclusions with professional skepticism.

Create high-quality audit documentation and deliverables, including well-supported workpapers that meet Internal Audit quality and professional standards.

Oversee your evidence requests and follow-ups by organizing, tracking, and validating audit support from auditees to keep work moving efficiently.

Manage timely communication with IA peers and stakeholders-raising risks, barriers, or scope considerations early and escalating appropriately to keep projects on track.

Develop your expertise across a broad IT audit landscape (e.g., cybersecurity, IT risk management, enterprise architecture, applications, infrastructure, vendor management) to support evolving audit coverage needs.

• 2-4 years of IT internal or external audit experience to effectively execute testing, document results, and support audit and remediation validation work end-to-end. Equivalent experience in IT Governance, Risk and Compliance (GRC) domains such as information security, change management or risk management will be considered towards the expected years of experience.
• IT General Controls (ITGC) knowledge (e.g., security, change management, disaster recovery/backup, infrastructure) to evaluate control design and operating effectiveness in real environments.
• SDLC/Agile, cybersecurity, and cloud understanding to assess risk and controls across modern delivery and hosting models.
• Audit frameworks familiarity (e.g., IIA, COBIT, NIST, SOX, PCI DSS) and the ability to apply them when assessing governance, risk, and control expectations.
• Strong communication skills and an effective work style-including writing, verbal communication, listening/interviewing, and proactive escalation to resolve barriers.
• A collaborative, growth-oriented mindset with comfort sharing ideas, building relationships, and delivering high-quality outcomes with others.

What Can Give You an Edge (Additional Skills)

Suggested 1-2 years of experience in information security, Application Support or equivalent IT/network management to deepen your effectiveness on specialized technology reviews.

Certifications (in progress or willingness to pursue): CISA, CIA, CISM or CISSP, strengthening your audit credibility and technical depth.

Financial services industry experience, supporting faster context-building and sharper risk judgment in a regulated environment.

An AI and data-curious, improvement-minded approach-using analytics and AI tools and available data to draw stronger control conclusions and focus effort where risk is highest.