Job Specifications
The Internal Audit IT Manager plays a critical role in assessing the design and effectiveness of technology controls across the credit union. This position leads and executes complex IT audits, with a focus on cybersecurity, infrastructure, business continuity/disaster recovery (BC/DR), data governance, artificial intelligence (AI), and digital initiatives. This role will ensure that IT risks are properly identified, assessed, and mitigated in alignment with regulatory requirements, industry frameworks, and organizational goals.
Responsibilities
IT Audit Management
Oversee and manage the planning, execution, and reporting of audits and advisory reviews covering cybersecurity controls, infrastructure and network security, business continuity and disaster recovery (BC/DR), data governance and system development lifecycle management, emerging technologies, including AI and digital platforms
Oversee documentation, workpapers, and reports to ensure they are accurate, complete, and comply with the Global IIA Standards
Ensure audit coverage aligns with the institution’s IT risk landscape and regulatory requirements.
Implement processes and procedures to comply with the Global IIA Standards
Promptly involve stakeholders and the SVP Internal Audit/CAE when issue(s) arise
Create and manage the budget and resource allocation for the department
Risk Assessment & Strategy
Plays an integral role in the risk-based audit plan, by contributing to the risk assessment methodology, overseeing the risk-based audit plan results
Identifies and assesses risks and adjusts the risk-based audit plan as needed, evaluating proper coverage of critical areas and risks
Assign and manage resources to effectively execute the audit plan
Manage the audit plan and communicate adjustments timely and accurately
Present and communicate findings, root cause analysis, and actionable recommendations to stakeholders
Leverage audit results and data trends to advise management on areas of strategic concern
Create and execute internal strategic objectives that support the overall internal audit functions’ mission and vision
Stay current with IT regulations, industry trends, and frameworks, such as FFIEC, CIS, NIST and other relevant guidance
Coordinate with IT operations, security, digital, and external agencies as needed.
Stakeholder Engagement
Effectively communicate with internal departments, external auditors, regulatory bodies, and other stakeholders
Communicate audit findings, risks, and recommendations clearly to senior leadership and to the Supervisory Committee.
Build strong partnerships and collaborate with business and technology leaders to understand associated risks and to align audit coverage
Team Leadership & Development
Supervise, coach, and develop a team of auditors on audits and integrated IT audits
Support the development and implementation of IT audit methodologies and tools
Foster a culture of collaboration, integrity, accountability, and continuous learning and improvement
Coordinate, direct, and support the appropriate education, certification, and training of staff in support of the department and division’s objectives
Complete performance appraisals for supervised audit staff, set established goals, and review established goals consistently
Promote a culture of integrity, accountability, professionalism, and ethical conduct
Maintain certifications and fulfill annual CPE requirements
Education
Qualifications
Bachelor’s degree in Information Systems, Computer Science, or related field (required)
Advanced degree or specialized Master’s degree preferred
Certifications
CISA, CISSP, CISM, CRISC, CIA or equivalent
Experience
8+ years’ experience of internal/external audit, information systems, information technology, cybersecurity, risk, or other relevant area. Public accounting experience a plus
3+ years’ experience in a leadership or management role
Robust understanding of IT control frameworks such as NIST,COBIT, CIS CSF
Credit Union or financial institution experience in IT operations, cybersecurity, digital operations, or risk management, preferred
Skills/Abilities
Ability to understand complex IT environments
Extensive knowledge of cybersecurity, SDLC best practices, IT general controls, database platforms, network architecture, operating systems, third-party/vendor risks, AI risk governance, digital transformation initiatives, and cloud platforms
Expertise in audit methodologies, internal control frameworks (e.g., COSO), and regulatory requirements (e.g., FDIC, OCC, CFPB)
Strong written and verbal communication skills, including experience reporting to executives and boards
Self-starter, highly motivated, organized, and detail oriented
Professional in appearance and attitude
Strong interpersonal skills and excellent team player
Demonstrates curiosity, analytics skills and problem solving
Proficient Microsoft Office skills. Ability to operate related computer applications and software required to complete assigned res