Job Description

Job Title: IT Controls Auditor

Location: Malvern, PA (Hybrid – 3 days onsite: Tuesday–Thursday)

Duration: 9 Months

Overview

An experienced IT Controls Auditor is needed to support internal control design, testing, and compliance activities across multiple technology teams. This role is heavily focused on evidence-based control testing—not risk assessment—and requires strong technical auditing experience within enterprise or regulated environments. The ideal candidate is detail-oriented, analytical, inquisitive, and comfortable engaging with cross-functional technology stakeholders.

Key Responsibilities

• Perform end-to-end testing of technology controls to determine operational effectiveness.
• Support control design, implementation, and ongoing monitoring across IT teams.
• Document testing procedures, evidence, findings, and remediation recommendations with a high degree of accuracy.
• Partner with technology, security, compliance, and audit teams to align processes, risks, and controls.
• Assist with internal and external audit requests, including evidence gathering and follow-up on remediation efforts.
• Identify gaps in control execution and recommend improvements to strengthen governance.
• Facilitate meetings with auditors and control owners to ensure clarity and alignment.
• Contribute to training, documentation, and ongoing awareness efforts related to internal controls.
• Maintain strong working relationships across risk, compliance, internal audit, and engineering groups.
• Support standardized control documentation and reporting processes.

Required Qualifications

• 2–5 years of experience in IT Audit, Controls Testing, or Risk & Compliance in a technology-focused environment.
• Hands-on experience conducting internal technology audits and performing evidence-based testing of IT controls.
• Demonstrated understanding of control testing to determine whether a control is working effectively or ineffectively.
• Experience with internal controls in areas such as:
• Access management
• Data protection
• Infrastructure or cloud governance
• System change controls
• Familiarity with IT risk and control frameworks such as SOX, NIST, COSO, or ISO 27001.
• Strong documentation, organization, and follow-through skills.
• Ability to communicate clearly with both technical and non-technical stakeholders.
• Comfort working within structured, regulated enterprise environments.

Preferred Experience

Tools and technologies listed below are helpful but not required:

• Identity & Access: ACF2, SailPoint, CyberArk, Active Directory
• Cloud/Infrastructure: AWS, Azure, Elastic, Wiz
• Systems & Applications: Oracle, DB2, Control-M, BitLocker, GitHub, ServiceNow, Tanium, NetBackup
• Operating Systems: Windows environments

Additional desirable experience:

• Working directly with internal or external auditors
• Drafting remediation plans
• Validating evidence for compliance or SOX-related activities
• Exposure to large-scale enterprise technical environments

Ideal Candidate Attributes

• Highly detail-oriented with strong documentation capabilities
• Strong communication and collaboration skills
• Inquisitive, proactive, and comfortable independently researching issues
• Team-oriented and able to navigate complex stakeholder groups

Job Tags

Similar Jobs