IT Staff Auditor

  • Rocky Mountain Bank
  • Remote (Montana, USA)
  • Jan 12, 2023
Full time Information Technology

Job Description

The IT Staff Auditor is responsible for performing professional IT internal auditing work to aid management in evaluating whether internal controls are adequately designed, operating effectively, and complying with relevant regulatory guidelines.


1. Plays a lead role in the delivery of IT internal audit services, IT internal audit related projects and/or Sarbanes-Oxley Section 404 (SOX 404) /COSO IT-related internal control testing.
2. Executes IT Audit and IT Internal Control Testing that is performed in-house by the IA department.
3. Assists with evaluating IT general and application controls for SOX/COSO and FFIEC compliance requirements.
4. Represents the IA department on special projects such as system implementations, by working with HTLF IS and various other HTLF functional business areas, External IT Regulator, External IT Audit Firm and Outsourced IT Audit Firm.
5. Serves as a resource on IT-related issues for others within the IA department.
6. Researches technology, industry trends and professional standards as they relate to IT controls and the IT audit profession; incorporates best practices at Heartland Financial.
7. Assesses relevant risk(s) to determine appropriate audit objectives, scope and procedures.
8. Identifies financial and operational inefficiencies and/or significant internal control weaknesses.
9. Develops recommendations to mitigate risk, improve internal processes, operations and/or reduce cost.
10. Reports results of audits and testing to others in IA and Senior Management in a clear and concise manner.
11. Performs audit testing in conformance with the International Standards for the Professional Practice of Internal Audit.
12. Conducts projects, reviews, audits, investigations, and due diligence as requested.
13. Completes annual E-Learning Plan training as assigned and maintains current knowledge of IT-related training as it relates to the job function.
14. Keeps abreast of banking policies and procedures, current developments in the IT, accounting and/or auditing professions, and changes in local, state and federal laws, as applicable.
15. Maintains credentials through continuing education, as applicable.
16. Participates in internal/external meetings, trainings and/or seminars on IT-related issues (e.g., cyber security, PCI Compliance, etc.).


1. Bachelor’s Degree in Management Information Systems, Computer Information Systems, Accounting, or Business, required; Master’s Degree, preferred. 
      * Will consider the combination of education, experience, and certification in assessing preparedness for the role.
2. 0-3 years of professional experience working in the areas of IT audit, IT controls assessment and/or SOX 404/COSO evaluating and testing, required; Experience within a Financial Institution (IT and/or Internal Audit) or in an External IT Audit Consulting Firm, preferred.
3. Knowledge of Continuous Audit and Data Mining tools, techniques and/or applications (e.g., ACL, IDEA, etc.)
4. Critical thinking and problem solving; able to solve/troubleshoot problems and offer practical, alternative solutions.
5. Ability to work with limited guidance, as needed
6. Strong technical skills and knowledge of Microsoft Office products
7. Effective written and verbal communication skills
8. Basic knowledge of IT general and application controls, as well as FFIEC compliance requirements (IT systems, security), preferred
9. Basic knowledge of IIA (Institute of Internal Auditors) Standards, Sarbanes-Oxley requirements and the COSO Internal Control Framework, preferred
10. Prior project management experience, preferred.

OCCUPATIONAL CERTIFICATION:
Preferred but not required:

• Certified Information Systems Auditor (CISA);
• Certified Information Systems Security Professional (CISSP);
• Certified Public Accountant (CPA);
• Certified Internal Auditor (CIA);
• Certified Financial Services Auditor (CFSA); and/or
• Any other similar type of IT-related, accounting, security, or technology professional designation/certification