Manager, Internal Audit - IT

Overview

FM is a leading property insurer of the world's largest businesses, providing more than one-third of FORTUNE 1000-size companies with engineering-based risk management and property insurance solutions. FM helps clients maintain continuity in their business operations by drawing upon state-of-the-art loss-prevention engineering and research; risk management skills and support services; tailored risk transfer capabilities; and superior financial strength. To do so, we rely on a dynamic, culturally diverse group of employees, working in more than 100 countries, in a variety of challenging roles.

Summary:This position heads up the critical IT audit group and is relied upon as the subject matter expert on all IT audit related issues by the chief internal auditor. The position manages a team of IT auditors. The position monitors all emerging information technology risks including the hugely impactful cyber security risk that is owned by the chief information officer and is actively monitored by the audit committee. This position requires active participation in the development of a comprehensive global IT audit strategy, followed by effective execution to achieve organizational goals. 

Responsible for managing the enterprise-wide IT audit universe, all IT audits and targeted reviews, co-manages integrated audits (audits with technology, financial and/or operational components), advises IT and business management. The position is focused on assessing IT components of control environments and advising on associated risks on a global basis.

Schedule & Location:This is a full-time office-based position in Johnston, RI. Four days per week of work are required on-site, with flexibility for one remote day per week. Core on-site workdays are Monday, Wednesday, and Thursday. Employee may choose to work remotely on either Tuesday or Friday.

Responsibilities

• Manage IT auditor(s) and financial/operational auditors (including auditors in other global locations) during audits and projects with significant technology component. • Lead IT related professional development for all financial/operational auditors. • Manage and perform regular information system audits outlined in the annual audit plan.• Oversee audit planning, review IT components in audit programs, facilitate interviews with IT groups during audit fieldwork and project participation work. • Manage MAR compliance assessments of IT processes. • As the subject matter expert, maintains the technical accountability for all findings and recommendations to executive management.• Partner and consult with IT and business managers in relation to system development projects and initiatives to ensure that controls are developed to achieve business objectives; outline risks and implications on control environment of business process and system changes, determine if the changes do not cause noncompliance with established policies/procedures and regulatory requirements. Communicate identified risks to senior management.• Responsible for maintaining the global IT audit universe, including the risk assessment, creation and prioritization of the annual IT audit plan. • Communicate the plan to senior management up to the CIO and agree the scheduling of each audit with department vice presidents Provide IT related input during annual financial/ operational risk assessment and audit planning process.• Responsible for the performance management of IT auditor(s), including coaching, mentoring, career development initiatives, appraisals and training programs.• Coordinate external audit work during the annual audit process, including consultations at the partner level. • Responsible for agreeing the design of detailed test plans; overseeing delivery of required documentation in support the audit process; facilitate responses to additional inquiries or help resolve any questions during the audit process. • Maintains overall responsibility for ensuring that all IT related aspects that internal audit provide direct assistance for have been completed satisfactorily.• Attend executive level meetings up to the audit committee level and present technology audit matters as directed by the chief auditor. • Attend other corporate committee meetings as agreed with the chief auditor.

Qualifications

Required Education:• Bachelor’s Degree in Information Technology or a related field

Highly Preferred Education:• Master’s degree preferred • Minor in Accounting/Finance• CISA certification

Required Work Experience:• 10+ years of experience in information technology, including IT audit and/or IT risk/compliance function for a large size company • Prior management experience

Highly Preferred Work Experience: • Experience in financial services environment preferred

Required Technical Skills: Expert or applied knowledge of all of the requirements of the IIA Professional Practices Framework, including but not limited to:- Mission of internal audit- Organizational independence- Individual objectivity- Impairment to independence or objectivity- Ethical behavior- Due professional care- Organizational governance- Fraud- Risk management- Internal control- Engagement planning, fieldwork and outcomes- Internal audit strategic planning and management

Accounting and finance: -General knowledge of financial and managerial accounting concepts and underlying principles, and general business operations.

IT: -Ability to evaluate control gaps in critical audited system components, system integrations, related support processes, and client control expectations in different cloud service types. -Ability to evaluate coverage of audited processes performed by 3rd parties and evaluate monitoring of compliance with complimentary user entity controls. -Ability to evaluate system development related controls. -Ability to apply appropriate guidance from IT control frameworks during audit work. -Ability to quickly and effectively gain an understanding of emerging IT related risks and available controls by reviewing available information. -Ability to determine a need and scope for evaluation of IT General Controls and Application Controls during evaluation of business processes.

Expert or applied knowledge of key IT areas such as system development methodologies, cloud services, cyber security and data governance.

Strong understanding of core insurance business processes including underwriting, premiums, reinsurance, claims, as well as, the following general business processes: corporate governance, ethics, culture.

Required Soft Skills: -Self-motivated individual with a strong need for achievement-Credible individual, with a high degree of consistency between their words and actions-Focused individual, with strong attention to detail

Develops talent:-Develops people to meet both their career goals and the organization's goals.

Drives Engagement:-Creates a climate where people are motivated to do their best to help the organization achieve its objectives.

Communicates Effectively:-Develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences.

Builds Effective Teams:-Builds strong-identity teams that apply their diverse skills and perspectives to achieve common goals.

Instills Trust:-Gains the confidence and trust of others through honesty, integrity, and authenticity.

Values Differences:-Recognizes the value that different perspectives and cultures bring to an organization.

Ensures Accountability:-Holds self and others accountable to meet commitments. For example, helps team hold each other accountable for goals, adherence to policies and procedures.

The hiring range for this position is $156,400 - $224,800 annually. The final salary offer will vary based on individual education, skills, and experience. The position is eligible to participate in FM’s comprehensive Total Rewards program that includes an incentive plan, generous health and well-being programs, a 401(k) and pension plan, career development opportunities, tuition reimbursement, flexible work, time off allowances and much more. FM is an Equal Opportunity Employer and is committed to attracting, developing, and retaining a diverse workforce.