Senior IT Auditor

Company Details

"Our Company provides a state of predictability which allows brokers and agents to act with confidence."

Founded in 1967, W. R. Berkley Corporation has grown from a small investment management firm into one of the largest commercial lines property and casualty insurers in the United States.

Along the way, we’ve been listed on the New York Stock Exchange, become a Fortune 500 Company, joined the S&P 500, and seen our gross written premiums exceed $10 billion.

Today the Berkley brand comprises more than 60 + businesses worldwide and is divided into two segments: Insurance and Reinsurance and Monoline Excess. Led by our Executive Chairman, founder and largest shareholder, William. R. Berkley and our President and Chief Executive Officer, W. Robert Berkley, Jr., W.R. Berkley Corporation is well-positioned to respond to opportunities for future growth.

Responsibilities

The Company is an equal employment opportunity employer.

We are hiring a Senior IT auditor who is self-motivated, a strategic thinker, and a team player with excellent interpersonal skills who thrives on challenges. The primary responsibility is coordinating and implementing the IT Audit review process and supporting the Audit team, which leads high-quality, risk-focused audits per Internal Audit policies, methodologies, and standards.

Responsibilities

• Lead IT audit engagements and projects while partnering with all audit teams to assess adequate management controls, efficiency, and compliance with policies and regulations while using sound, independent judgment.
• Evaluating key risks and internal controls, develop and/or review audit programs/risk & control matrices (including adapting an audit program to suit the client’s specific environment and designing controls evaluation and testing work plans to address risks within assigned areas of the audit), benchmark financial and operational processes and controls, and identify opportunities for efficiencies/performance improvement based on leading practice.
• Perform/review testing procedures including, but not limited to, detailed tests of controls including sampling/confidence levels, analytical procedures, and other audit procedures to address risks identified and to test internal controls for design and operating effectiveness.
• Create high quality deliverables using appropriate business and technical language, documenting audit work performed and results by preparing/reviewing work papers.
• Identify / document audit issues clearly articulating issue/root cause, risk/exposure, and recommendations for improvement; direct work conducted by Auditors on the team.
• Document processes and sub-processes in the form of walkthroughs (in a format that allows them to be re-performed), narratives, and flow charts for audit areas in scope, with the assistance of Auditors, as applicable.
• Adopt continuous improvement principles that are pragmatic and sustainable to support an enhanced control environment.
• Continually identify and drive solutions for greater efficiency and value
• Analyze data from Business Units to identify and interpret trends and patterns to provide meaningful insights into the audit process.
• Learn new businesses, processes, and regulations and apply new knowledge to audit work performed. Must be able to quickly assimilate new information to analyze the risks and controls effectively.
• Work independently and in a team environment to maximize performance.
• Build positive working relationships with all auditees, particularly with Senior Management.
• Communicate well with clients and the broader Audit team.
• Engage in relevant training regarding audit, analytics, businesses, financial controls, regulations, or a particular specialty.
• Maintain audit proficiency through training and professional association memberships (e.g., CIA, CISA, CISSP).
  
  

Competencies

• Strong understanding and experience with testing of IT General Controls.
• Understanding or working knowledge of cybersecurity concepts such as Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Identity and Access Management etc.
• Understanding or working knowledge of Network and Network Security concepts and tools such as Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing (e.g., red teaming) etc.
• Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, cybersecurity tools (e.g., Qualys), Splunk, Netskope, Zscaler etc.
• Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, Operating System, On-premises Data Center etc.
  
  

Qualifications

• A minimum of 4-6 years of Audit or Data Analytic experience (public and/or internal) and preferred experience in property casualty insurance.
• Excellent computer and data analytic skills, including experience in audit analytics and/or continuous audit monitoring programs.
• Experience in dealing with Senior and Executive Management.
• Good at relationship building, influencing, and persuading at all levels.
• Strong project management, organization, and documentation skills.
• High level of attention to detail with an inquisitive nature.
• Excellent communication skills (verbal and written).
• Assertive yet flexible and open-minded in a professional manner.
• Creative thinking is needed to improve, automate, and standardize the audit review process.
• Demonstrated ability to analyze and problem solve with the ability to prioritize and multi-task.
• Strong business acumen and risk awareness.
  
  

Education Requirement

• Bachelor’s degree in Computer Science, Engineering, or Information Systems preferred.
• Professional certification (CISA, CISM, CISSP) is strongly preferred.