BASIC SUMMARY:
Perform information technology (IT) audits and reviews of the organization for efficiency, economy and effectiveness in accordance with accepted internal auditing standards and Control Objectives for Information and Related Technology (COBIT). Discuss audit results with management and prepares written audit reports. Participate in the documentation, testing and remediation phases related to IT in compliance with Section 404 of the Sarbanes-Oxley Act of 2002.
DUTIES AND RESPONSIBILITIES:
Execute detailed audits of IT systems and infrastructure to verify that systems are secure and support the related applications/business processes.
Independently develop audit programs, evaluate system controls, document audit results, make recommendations, and communicate findings to Internal Audit and senior management.
Prepare and present comprehensive reports on the results of IT audits and special projects to Internal Audit and senior management.
Present and communicate complex technological issues in a clear, concise and effective manner to technical and non-technical audiences.
Maintain internal control programs and documentation based on requirements under the Sarbanes-Oxley Act for IT general controls and business application controls.
Design, document, test and assist in remediation of IT process controls in a wide range of environments, including policies and procedures that address key areas of an IT organization, including system development, change management, network security, operations, and segregation of duties.
Assist in the identification of risks as part of the risk management process, including business continuity and disaster recovery planning.
Provide support to internal and external audit teams as required.
Maintain or acquire sufficient knowledge of authoritative and regulatory issues governing information technology, auditing, maritime matters or other fields as required to complete audit assignments.
Perform special projects relating to IT and hotline investigations as requested by management.
Perform other job related functions as assigned.
EDUCATION:
Bachelor’s Degree in Information Technology, Computer Engineering, Accounting or related field of study; or any equivalent combination of relevant background, skills and experience. Certified Information Systems Auditor (CISA), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), Certification in Control Self-Assessment (CCSA), Certified Fraud Examiner (CFE), or any other certifications strongly preferred.
EXPERIENCE:
Minimum 3 years of IT audit experience to include at least 1 year of Sarbanes-Oxley implementation experience in a large company and/or similar industry. Supervisory experience preferred.
KNOWLEDGE & SKILLS:
Working knowledge of data center operations (Windows and Unix), Windows networking, Oracle database management, internet technology, ERP systems (PeopleSoft), and Microsoft Access database preferred. Knowledge of or ability to learn reservation/booking systems (Freestyle Connect), property management systems (Fidelio), maintenance report order systems (AMOS), and marine inventory systems (MXP).
Ability to work independently and complete projects from the planning phase to issuance. Strong knowledge of IT general controls and business application controls. Familiarity of COBIT preferred. Knowledge of authoritative and regulatory issues governing IT, auditing, maritime matters or other fields required to complete audit assignments. Strong analytical, problem solving and organizational skills to manage daily functions with team members at all levels.
Excellent communication skills, both written and oral, to present findings and make sound recommendations. Good interpersonal skills in order to develop and maintain good working relationships with shoreside and shipboard team members.
Approximately 25% of travel time is required to support the execution of shipboard, European office and other IT audits.