Overview
The GIA IT Audit Analyst contributes to assurance and advisory engagements across a broad range of technology domains and strategic initiatives, supporting risk assessments and audit procedures.
Key Responsibilities
- Supporting risk assessments of business units, processes, and technologies to inform audit planning
- Supporting multiple audit and advisory engagements in parallel, including carrying out assigned workstreams under the direction of the Auditor-in-Charge
- Executing audit procedures across areas such as technology governance, cybersecurity, cloud and hybrid environments, data governance, enterprise platforms, and digital transformation initiatives
- Contributing to the assessment of risks and controls related to emerging technologies, including artificial intelligence (AI), automation, APIs, and modern application architectures
- Preparing process documentation, control narratives, audit work programs, and testing approaches
- Performing control testing, supporting stakeholder interviews, and documenting audit results
- Drafting clear findings and contributing practical, risk-based insights for management consideration
- Contributing to integrated audits that span business processes, systems, data, and technology domains
- Using data analytics, automation, and technology-enabled audit techniques to support risk assessment, testing, and insight generation
Required Experience
- At least 3 years of experience in IT audit, technology risk, cybersecurity, digital assurance, or related advisory roles, preferably in complex environments such as financial institutions, consulting firms, or international organizations
- Experience supporting audits, advisory engagements, or projects involving technology-enabled processes, system implementations, or digital transformation initiatives
- Practical exposure to key risk domains such as cybersecurity, cloud computing, data protection, and identity and access management
- Awareness of emerging technology risks, including AI governance, automation, cloud adoption, cyber resilience, and third-party risk
- Good understanding of enterprise technology environments, including infrastructure, applications, data, and secure development practices
- Experience using data analytics or other technology-enabled audit techniques to support assurance activities
- Ability to identify and assess risks related to evolving threat landscapes, including areas such as ransomware, data privacy, and operational resilience
Qualifications
- Master’s degree or equivalent experience with Bachelor’s degree
- CISA certification preferred or expected to be pursued; other relevant certifications (e.g., CISSP, CRISC, CISM, CIA, or cloud/security certifications) are an advantage
