BNY Mellon is an investments company. We provide investment management, investment services and wealth management that help institutions and individuals succeed in markets all over the world.
Internal Audit carries out independent reviews across all areas of management activity, including ad-hoc reviews at the request of management, involvement in key projects and reviews of systems under development, and formally reports findings with recommendations to the Audit Committee, Executive, Senior and Line management across the BNY Mellon Group. The department is responsible for reporting on risks and the control environment across all areas of the business and the support functions to senior management Globally and to provide management with reasonable assurance that operating controls are adequate and effective.
* Lead and execute the testing of technology processes as per Audit policies, methodologies, and standards, primarily covering strategic high risk development programs.
* Operate effectively as a team member, or independently, and take responsibility for specific procedures and results as agreed upon with his or her manager in relation to technology audit work.
* Work with business audit colleagues and undertake integrated audits providing technology audit coverage of business applications and associated technology controls.
* Communicate effectively with clients and audit team members; interacting effectively with senior managers, Audit team members and other stakeholders
* Take ownership of the projects or other work assigned and ensure that audits are carried out correctly and in a timely manner.
* Contribute to the planning stage of an audit, identifying and defining project scope using a risk based approach and developing appropriate risk based project audit work programs,
* Able to take a pragmatic approach based on risk / controls.
* Document systems and support processes, conduct interviews and reviews and analyse evidence obtained.
* Evaluate project controls and work collaboratively with management to identify actions needed and then follow-up and validate sustainable resolution of issues on a timely basis.
* Conduct data extraction, analysis, and security reviews utilising software tools (when applicable).
* Identify, develop, and document audit issues and recommendations using independent judgement concerning areas being reviewed.
* Prepare audit reports / dashboards.
* Manage people on discrete projects on a consistent basis with little oversight when 'Auditor In Charge'.
* Complete tasks efficiently (on time, on budget, accurately).Learn new technology, businesses, processes and regulations effectively and quickly.
* Engage in relevant training regarding audit, technology, businesses, financial controls, regulations.
* College degree or equivalent work experience with 4-6 years relevant experience. The position requires extensive experience in planning and delivering audits and/or specialist skills (eg. technology, advanced operational knowledge or experience, etc.). This individual has a unique and advanced skill set that warrants additional tactical and/or team leader responsibilities. Auditors at this level will be expected to exercise good judgment and work, at times, independently. Preferred Qualifications: 4 year degree in accounting or finance; other subjects may be applicable for specialties with 6 years relevant experience including experience in audit or the relevant specialty area.
* Qualified IT Auditor (QiCA or CISA) with relevant experience in technology audit, preferably including Financial Services experience.
* Experience of auditing complex high risk change projects.
* Skilled in conducting detailed technology audit: collecting and analysing complex data, evaluating information and systems, and drawing logical conclusions.
* Knowledge, and detailed experience of, application technology controls, general computing controls development environments, user acceptance testing, change management and end user computing controls.
* Knowledge of operating system technology (i.e. Unix and Windows), databases (e.g. SQL & Oracle), Web-based technology, and basic infrastructure control issues.
* Experience in assessing IT infrastructure control environments in both mainframe and distributed platforms
* Strong interpersonal skills for performing auditee interviews, negotiating issues and resolving problems.
* Ability to self-motivate and able to take ownership of tasks allocated, with limited supervision over once understanding of our methodologies.
* Working knowledge of generally accepted IS audit standards, statements and practices, and IS security and control practices (e.g. ITIL, COBIT, FFIEC, ISO27001, Prince/PMP). Working knowledge of perimeter and infrastructure security would be advantageous.
* Knowledge of the financial services industry and its regulations and laws would be an asset.
* Experience in real time audit of complex high risk change programs, taking responsibility from planning to reporting and issue follow-up.