IT Auditor / Senior Auditor / Audit Supervisor

  • Competitive
  • Den Helder, Noord-Holland, Netherlands
  • Self Employed, Full time
  • ING
  • 23 Jan 19

IT Auditor / Senior Auditor / Audit Supervisor

As an IT Auditor at CAS, depending on your grade (IT Auditor, Senior Auditor or IT Audit Supervisor) you will conduct, support and manage IT Audits in the Wholesale Banking domain of ING worldwide. This means that you will evaluate the design and assess the operating effectiveness of IT controls, including reviews of IT architecture, IT system development, IT operations and IT security management. The team is ambitious to be best-in-class and develops and uses advanced audit techniques, such as penetration testing and IT vulnerability scanning. IT audits are often performed in close cooperation with business auditors and relate to the latest IT developments. You will report your audit findings correctly and systematically in audit reports, including suggestions for improvement and concrete recommendations that you will present to ING Bank management.
As an IT Auditor, you will work with an international team as part of the IT Audit Division. This division forms a part of CAS (Corporate Audit Services), which is a highly professional organisation with approximately 20 audit teams across the globe. Together with your other international IT audit colleagues, you will provide audit coverage on a variety of IT related audits.

Key Responsibilities
(A) Risk Assessment Audit Planning (RAAP) (applicable to Audit Supervisor)

  • Contributes to the assessment and prioritisation of auditable entities based on the importance to business objectives / value drivers, risk type significance and quality of internal control.
  • Contributes to preparation of the Commercial Banking Asia audit plan, the required resources, and the timing of the audits.

(B) Assignment planning (applicable to Senior Auditor and Audit Supervisor)
  • Sets the overall audit objective, scope and approach.
  • Responsible for the business process analysis, assessment of inherent risk, evaluation of control design and initial assessment of residual risk. Ensures an appropriate audit work program is prepared in accordance with Standard Audit Guidance concept.
  • Prepares the Audit Planning Memo and Terms of Reference and obtains approval from regional and global levels.

(C) Audit execution (applicable to all grades)
As an IT Auditor, you will have an in-depth knowledge of technical IT environments. You use your strong analytical skills to identify the areas of focus within our IT audit strategy and individual IT audits. You are naturally proactive, critical and curious, and you search for missing information on your own initiative. You have strong verbal and written communicative skills and interpersonal capabilities. Therefore, you know how to ask the right questions and get the right information, even when you have to overcome resistance. You are accurate, creative in your solutions and you describe yourself as a team player who is capable of working in international teams, as well as independently when the task at hand requires this. Also, you are keen on self-development. Specifically, you will :
  • Support or Lead the execution of the audit ensuring there is independent and objective evaluation of the design and operational effectiveness of key controls and assesses the residual risk.
  • Monitor progress and review the activities carried out by the team according to the established audit programs / risk control matrices.
  • Perform testing in complex and specialised IT audits where technical experience is required.
  • Carry out audit activities embracing utilisation of Computer Assisted Audit Techniques as appropriate.
  • Ensure that stakeholders (CAS and Business) are kept regularly informed of the progress of the audit and any potential issues arising.
(D) Audit reporting (applicable to all grades)
  • Discusses audit conclusions and reports with the managers of the business unit being audited.
  • Depending on the role in the audit, supports or leads the close-out discussions with audit client and management.
  • Depending on the role in the audit, supports or takes ownership and responsibility for the final audit report to management.

(E) Audit closure (applicable to all grades)
  • Ensures that the audit work performed by the audit team is documented in the Audit application in accordance with the guidelines in the CAS manual.
  • Follows-up the closure of earlier reported audit findings and documents the results.
  • Performs job evaluations and provides input to the Audit Department Head regarding the quantitative and qualitative strength of the audit team.
  • Where applicable provides feedback on the Standard Audit Guidance to the owner.

(F) Risk monitoring and Communication (applicable to all grades)
  • Develops and maintains excellent relationships with IT Management and Information Risk Management.
  • Contributes to the CAS Risk Monitoring Framework in capacity as IT Co-Ordinator.
  • Ensures that stakeholders are actively kept up to date (no surprises) and negotiates, influences and communicates with audit clients to better understand underlying risks.
  • Participates in various IT Steering Committees to monitor risk and control developments.
  • Works pro-actively with other CAS units around the world to build a network and ensure a consistent audit approach.
Pre-requisites (depending on a grade, more leadership skills are expected)
  • A bachelor or master degree in IT, preferably in IT Security, IT Risk Management or IT Audit.
  • In-depth technical knowledge of IT technologies and IT security architecture applied to operating systems, network infrastructure, database management systems and web servers.
  • Knowledge of banking products and processes would be plus.
  • Hands-on working experience in IT security, IT risk management or IT audit functions.
  • Experience with international and complex organisations.
  • Experience with vulnerability assessment tools (e.g. Nessus, Nexpose, OpenVAS).
  • Experience with penetration tools (e.g. Metasploit. Wireshark, Kali Linux).
  • Experience with data analytics tools such as IDEA, ACL or equivalent.
  • Certified Information Systems Auditor (CISA) or equivalent would be plus.
  • Willingness to travel.
For more information please contact Pawel Debosz at