Internal IT Auditor, Senior

Your Role

The Senior Internal IT Auditor leads and executes audit engagements, serving as a subject matter resource and ensuring high-quality audit delivery across technology and cybersecurity domains.

Your Knowledge and Experience

• Requires a bachelor's degree or equivalent experience
• Requires a minimum of 5 years of prior related experience
• Basic competence and knowledge with support from others of: Financial Accounting and Finance Concepts, Managerial Accounting, Regulatory, Legal and Economics, Quality Framework, Ethics and Fraud, Information Technology, Governance, Risk and Controls, Organizational Theory and Behavior
• Working knowledge of AI tools, models, and platforms (e.g., generative AI, ML systems), including associated risks, controls, and governance consideration
• Strong analytical and problem-solving skills
• Advanced knowledge of auditing typically obtained through advanced education combined with experience
• May have practical knowledge of project management
• Certified Information Systems Auditor (CISA), Advanced in AI Audit (AAIA), Certified Information Systems Security Professional (CISSP), Certified Internal Auditor (CIA) and/or Certified Secure Software Lifecycle Professional (CSSLP) highly desired

Your Work

In this role, you will:

• Be responsible for performing and leading transactional quality review audits with limited or no supervision
• Have expert knowledge of transactional quality assurance audit principles and methodology; considered a subject matter expert in multiple functional areas
• Support risk assessments and development of audit plans for data and AI governance areas
• Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
• Leads corrective/ preventive action planning related to transactional audits
• Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
• Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
• Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
• Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
• Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes
• Research issues and shares the findings of that work with varying groups effectively (executives, managers, line staff, etc.)
• Develop and maintains productive client and staff relationships through individual contacts and group meetings
• Be proficient in either operational, financial or IT auditing, but not yet an expert. Work still needs oversight to be released and reviewed by Management
• Work to achieve operational targets with direct impact on BSC departmental results
• Be responsible for entire projects or processes within BSC annual audit program
• Communicate with parties within and outside of BSC with the ability to educate others on complex disciplines

Your Work

In this role, you will:

• Be responsible for performing and leading transactional quality review audits with limited or no supervision
• Have expert knowledge of transactional quality assurance audit principles and methodology; considered a subject matter expert in multiple functional areas
• Support risk assessments and development of audit plans for data and AI governance areas
• Review controls over AI-enabled business processes, including data sourcing, model outputs, decisioning logic, and human oversight mechanisms
• Leads corrective/ preventive action planning related to transactional audits
• Assess design and operating effectiveness of controls related to intellectual property (IP) protection, including source code repositories, model artifacts, proprietary algorithms, and data assets
• Perform audits of DevSecOps pipelines, including CI/CD tooling, automated testing, code promotion, and segregation of duties across development environments
• Evaluate risks related to use of open-source software, third-party libraries, and external AI services, including licensing compliance, security vulnerabilities, and data leakage
• Analyze risks associated with data used in software and AI development, including data governance, quality, lineage, privacy, and regulatory compliance (e.g., HIPAA data considerations)
• Assess AI governance frameworks, including intake, approval, ethical review, monitoring, incident management, and model retirement processes
• Research issues and shares the findings of that work with varying groups effectively (executives, managers, line staff, etc.)
• Develop and maintains productive client and staff relationships through individual contacts and group meetings
• Be proficient in either operational, financial or IT auditing, but not yet an expert. Work still needs oversight to be released and reviewed by Management
• Work to achieve operational targets with direct impact on BSC departmental results
• Be responsible for entire projects or processes within BSC annual audit program
• Communicate with parties within and outside of BSC with the ability to educate others on complex disciplines