Hybrid - Senior IT Auditor

The Senior IT Auditor works as part of a team of IT Auditors to assess risk, evaluate controls and provide advisory services to FNF and its subsidiaries. This position supports a variety of audits encompassing information technology, security, general computer controls (including logical security, computer operations and change management), corporate initiatives, technology implementations as well as compliance/regulatory activites. This position will support the risk based IT Audit plan, leading and completing planning, fieldwork, and reporting activities. This position includes internal and external client interface, and as such requires strong professional presence, communication, and decision-making skills. The successful candidate will be capable of identifying and addressing audit issues across a variety of business areas and risk exposures, including technology, information security and operational systems of controls. The ability to establish relationships and credibility with clients as well as within the Audit team is necessary. A broad understanding of Information Technology, security, and controls as well as experience in the financial services industry is necessary.

• Aid in the assessment of risks and development of a risk-based audit plan and
  associated work programs.
• Lead process walkthroughs with the client and manage audit requests, including
  creating audit request lists and proactive documentation follow up.
• Assist in the identification and documentation of IT and security controls, as well as
  the build out of detailed audit test plans including proposed audit test procedures.
• Perform detailed analysis of program functionality, data, or other substantive testing
  to evaluate residual risk.
• Audit finding lifecycle management starting from finding inception, vetting with client,
  tracking of remediation progress to meet management agreed milestones, and testing
  of remediation efforts.
• Complete work-papers and other audit materials that meet professional practice
  requirements.
• Address review notes and implement constructive feedback.
• Develop and foster constructive professional relationships.
• Contribute to a high-performance environment with an execution focus.
• Active participant in internal improvement initiatives and security best practice
  discussions.

Bachelor’s degree from an accredited college or university in Information Technology,
Information Systems, Accounting and/or Business

• Big four experience
• Master’s degree in information technology or related management field.
• CISA or CISSP, Security +, CEH is a requirement for this position. Other Certifications
(CIA, CFE, etc.) a plus. We will consider candidates who have passed the CISA and are
pending the work experience requirement.
• Microsoft Azure experience
• High tech or financial services experience, including working in highly regulated
environments.
• Experience with IT Standards; HiTRUST, COBIT, ISO 27001, ITIL, NIST, FFIEC
Standards.

REQUIREMENTS:

• (3-6) + years of experience in an IT audit function and IT/Information Security
experience
• Strong professional presence, communication, and decision-making skills.
• Strong understanding of IT risk and controls, project management and time
management skills.
• Experience leading IT and security audits and validations.
• Ability to establish relationships and credibility with internal clients.
• Familiarity and practical application of IT Security and control frameworks (e.g., NIST,
ISO, FFIEC IT Booklets, Cybersecurity Framework, COBIT, etc.)
• Proficiency in the following areas:
o Application Security
o Open Systems Interconnection (OSI) model
o Computer Operations (including job scheduling, monitoring, and alerting,
capacity, performance, and problem management)
o Information Security & Data Privacy Programs and Frameworks
o Network, Infrastructure Architecture and Security (including network
segmentation, firewalls, routers, VPN solutions etc.)
o Physical Security &  Data Center Controls
o Systems Development (including SDLC and supporting tools AzureDevOps,
project management, and change control methodologies)
o Implementations (including upgrades and migrations)
o Business Continuity & Disaster Recovery
o Data Analysis using Excel, Access, or other tools.