Job Specifications
Job Title: IT Controls Auditor
Location: Malvern, PA (Hybrid – 3 days onsite: Tuesday–Thursday)
Duration: 9 Months
Overview
An experienced IT Controls Auditor is needed to support internal control design, testing, and compliance activities across multiple technology teams. This role is heavily focused on evidence-based control testing—not risk assessment—and requires strong technical auditing experience within enterprise or regulated environments. The ideal candidate is detail-oriented, analytical, inquisitive, and comfortable engaging with cross-functional technology stakeholders.
Key Responsibilities
Perform end-to-end testing of technology controls to determine operational effectiveness.
Support control design, implementation, and ongoing monitoring across IT teams.
Document testing procedures, evidence, findings, and remediation recommendations with a high degree of accuracy.
Partner with technology, security, compliance, and audit teams to align processes, risks, and controls.
Assist with internal and external audit requests, including evidence gathering and follow-up on remediation efforts.
Identify gaps in control execution and recommend improvements to strengthen governance.
Facilitate meetings with auditors and control owners to ensure clarity and alignment.
Contribute to training, documentation, and ongoing awareness efforts related to internal controls.
Maintain strong working relationships across risk, compliance, internal audit, and engineering groups.
Support standardized control documentation and reporting processes.
Required Qualifications
2–5 years of experience in IT Audit, Controls Testing, or Risk & Compliance in a technology-focused environment.
Hands-on experience conducting internal technology audits and performing evidence-based testing of IT controls.
Demonstrated understanding of control testing to determine whether a control is working effectively or ineffectively.
Experience with internal controls in areas such as:
Access management
Data protection
Infrastructure or cloud governance
System change controls
Familiarity with IT risk and control frameworks such as SOX, NIST, COSO, or ISO 27001.
Strong documentation, organization, and follow-through skills.
Ability to communicate clearly with both technical and non-technical stakeholders.
Comfort working within structured, regulated enterprise environments.
Preferred Experience
Tools and technologies listed below are helpful but not required:
Identity & Access: ACF2, SailPoint, CyberArk, Active Directory
Cloud/Infrastructure: AWS, Azure, Elastic, Wiz
Systems & Applications: Oracle, DB2, Control-M, BitLocker, GitHub, ServiceNow, Tanium, NetBackup
Operating Systems: Windows environments
Additional desirable experience:
Working directly with internal or external auditors
Drafting remediation plans
Validating evidence for compliance or SOX-related activities
Exposure to large-scale enterprise technical environments
Ideal Candidate Attributes
Highly detail-oriented with strong documentation capabilities
Strong communication and collaboration skills
Inquisitive, proactive, and comfortable independently researching issues
Team-oriented and able to navigate complex stakeholder groups
About the Company
The Planet Group is a diversified professional services organization focused on providing high-value outsourced human capital solutions and niche consulting services to Fortune 500 and other leading clients in the fastest growing and most in-demand sectors. The Planet Group consists of staffing and consulting entities that have been purposefully built to address the professional services needs of leading companies in the technology, energy & engineering, accounting & finance, HR, administrative, and digital marketing industr...
Know more