Audit (IT) Manager
Job description
- Lead Risk-Based IT Audits: Plan and execute IT audits covering general controls, application controls, cybersecurity, cloud (IaaS/PaaS/SaaS), identity and access management, network and endpoint security, databases, and data governance. Assist and support the Director/Assistant Auditor General in the performance of their duties and, in the absence of the Director, act on the Director's behalf in all matters related to that unit's activities. Also coach, counsel, advise, and assist in the professional development of audit staff, as required.
- Audit Planning & Scoping: Develop risk-based engagement-level audit plans, define objectives and scope, perform preliminary risk assessments, and establish detailed testing programs.
- Control Testing & Analytics: Design and perform control tests using appropriate sampling and data analytics (e.g., ACL, IDEA, SQL, Python) to increase coverage, depth, and efficiency.
- Frameworks & Compliance: Assess control maturity against NIST, COBIT, ISO 27001, ITIL, and relevant regulatory requirements (e.g., SOX where applicable, privacy/security mandates).
- Cloud & ERP Focus: Evaluate controls in major systems (e.g., AWS/Azure, enterprise applications/ERPs), including change management, configuration, interfaces, and data integrity.
- Cyber & Third-Party Risk: Perform audits of cybersecurity controls, incident response, vulnerability/patch management, and third-party/vendor risk, including contractually required controls and service level compliance.
- Issue Management: Identify root causes, quantify impact, recommend pragmatic remediation, and track management action plans to timely closure; escalate risks appropriately.
- Reporting & Communication: Draft clear, concise audit reports; present findings and recommendations to IT and business leaders; prepare materials for senior management and Board-level committees as requested.
- Stakeholder Engagement: Build collaborative relationships with key stakeholders from Information Technology, Legal, and other agency leadership; translate complex technical issues into business terms and actionable steps.
- Quality & Standards: Ensure audits comply with the IIA's International Professional Practices Framework (IPPF) and internal methodologies, and contribute to methodology updates and audit tool optimization.
- Team Leadership: Supervise auditors; provide coaching, on-the-job training, performance feedback, and professional development; foster a culture of integrity, curiosity, and continuous improvement.
- Continuous Auditing/Monitoring: Implement continuous auditing/monitoring and data-driven risk indicators to proactively detect anomalies and emerging risks.
- Performs other duties as assigned
- Complies with all policies and standards
- May be required to work hours outside regular work hours, as applicable
- Observes the work performed by contractors, as applicable
- Reviews invoices and approves them if the work meets contractual standards, as applicable
- Addresses performance issues with the contractor when possible, as applicable
- Escalates issues to other parties when needed, as applicable
Requirements
- Demonstrated ability to work with all levels of the organization.
- Excellent analytical and business judgment skills.
- Proven ability to manage multiple projects simultaneously in a fast-paced environment.
- Understanding of professional audit practices, including audit program and workpaper development.
- Excellent communication and interpersonal skills.
Required Education and Experience:
- Bachelor's Degree in Arts/Sciences (BA/BS) in Accounting, Business Administration, Computer Science, Information Technology, or a related field; an equivalent combination of education and experience may be considered in lieu of a degree.
- Minimum 8 years of satisfactory full-time experience conducting IT audits in internal audit, public accounting/consulting, or a similar role within a complex organization.
The following is/are preferred:
- Strong knowledge of IT general controls, application controls, cybersecurity practices, and industry frameworks (NIST, COBIT, ISO 27001, ITIL).
- Minimum 1 year of prior information technology or computer systems experience.
- Minimum 1 year of supervisory/lead experience managing audit projects and mentoring staff.
- CIA, CISA, or CPA, and supervisory/lead experience managing audit projects and mentoring staff within 1 year
Benefits & conditions
May need to work outside of normal work hours (i.e., evenings and weekends)
Travel may be required to other MTA locations or other external sites.
According to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the "Commission").
Equal Employment Opportunity
MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including those concerning veteran status and individuals with disabilities.