IT Audit & Assurance Specialist

General Summary of Position:

The successful candidate will join a team of professionals performing a variety of IT audit, compliance (SSAE 18 SOC1 and SOC2 audits, HITRUST self-assessments/validations, Information Technology General Controls reviews, SOX 404, etc.) and consulting services to our client’s growing client base.

The IT Audit and Assurance Specialist is responsible for demonstrating skills in assessing IT process and technology risks; identifying and evaluating the design of IT controls; designing, executing and documenting IT audit tests; and making initial determinations of reportable issues. During the audit process, the IT Audit and Assurance Specialist will work in a timely manner and in accordance with modern audit methodologies, other applicable standards, and defined plans, budgets, and schedules.

We are currently seeking professionals at the staff (0 to 2 years of experience) or senior (3 to 5 years) level to join our client’s IT Assurance and Advisory team.


  • Perform comprehensive risk assessments and analysis over IT and business processes sufficient to scope applicable engagements and understand the design and operational effectiveness of applicable client controls.
  • Design and execute walkthroughs and tests of operating effectiveness over controls in the entity, business units, IT, applications, and infrastructure, in support of various audits (e.g., SOC, HITRUST, financial (ITGC), SOX 404, IT risk assessment for various industry frameworks).
  • Provide insight and recommendations to clients regarding gaps and improvements in the design and operating effectiveness of controls.
  • Collaborate with the team in designing audit procedures, project management solutions, and client deliverables.
  • Maintain effectiveness and efficiency while working on multiple projects and responsibilities.
  • Provide appropriate and timely feedback to leadership on issues and progress of engagements.
  • Collaborate with the team in designing audit procedures, project management solutions, and client deliverables while advising our clients on industry-specific issues.
  • Continual learning and updating of skills on applicable standards, frameworks, and interpretative guidance (e.g., attestation and auditing standards, SOC, HITRUST CSF, COSO, SOX 404).

Education, Experience, and Skills:

  • Significant experience in understanding and applying relevant technical knowledge in at least one of the following engagement types: (a) System and Organization Controls (SOC) reporting engagements, (b) HITRUST CSF self and/or validated assessments, (c) Information Technology General Control audits (financial audit support), and/or (d) internal or operational audits.
  • Bachelor’s degree in information systems, accounting, IT, security, or another relevant field.
  • CISA, CPA, CIA, CISSP or similar certification desired (or plans to work towards). Certified HITRUST CSF Practitioner a plus.
  • Advanced written and verbal communication skills.
  • Capable of working in a demanding, deadline-driven environment.
  • Strong work ethic.
  • Ability to demonstrate an understanding of risks and controls in IT and business processes, and how to apply them to client situations.
  • Strong time management skills: ability to effectively participate in multiple commitments and engagements while supervising/managing self and others in finishing projects completely, accurately, and on time.
  • Solid organizational skills, including the ability to meet project deadlines, while maintaining quality, attention to detail, and accuracy in work products.
  • Ability to work effectively alone and with teams.
  • Strong interpersonal skills: capacity and interest to develop and maintain strong relationships with internal and client personnel.
  • Technical awareness/experience (e.g., servers (Windows, Unix, Linux), databases, network devices, applications, utilities, Microsoft Office, IDEA or ACL).
  • Demonstrated integrity within a professional environment.