The Bottomline IT auditor is responsible for performing Internal Audits of Business Line processes and their respective IT environments to ensure they follow defined policies and practices. They must evaluate technology, identify controls, and keep thorough records. In addition to performing internal audits, the IT auditor shall act as a mentor to Business Line and IT staff teams to ensure they have a solid understanding of auditing procedures, interview expectations, and artifact requirements, and are effective planners, communicators, and examiners.
The IT auditor must retain authority, encourage problem solving, and promote a constructive work environment. They must be able to direct audit functions while understanding the risks associated with current and emerging technologies. The Bottomline IT auditor shall compile a vast array of data into a coherent report for the CFO, CIO and CISO.
This position can be based out of our Portsmouth, NH headquarters or out of a virtual location within the US.
Participate in the development of the annual IT Audit Universe, Audit Report standardization and maturing the Audit Program
Analyze the IT environment to evaluate application and infrastructure risks and controls
Coordinate, execute and manage the planning, testing and reporting phases for multiple concurrent IT audits
Design, review and approve tests that identify control weaknesses, and provide strategic recommendations to enhance business operations
Present findings to senior management and negotiate suggested action plans
Build and maintain strong relationships by demonstrating detailed knowledge of the business environment
Maintain up-to-date knowledge of the Financial Services / Software Hosting Solutions Provider Industry
Promote a risk-aware culture; ensure efficient and effective risk and compliance management practices by adhering to required standards and practices
Participate in a primary capacity in audits, compliance, and regulatory activities, including, but not limited to: PCI, SSAE18, FFIEC, ISO9001 and ISO27001
Work collaboratively with various technical teams in the design and implementation of audit, regulatory, and compliance practices for information security
Manage the ongoing effectiveness of information security controls (automated, manual, and needing development), working with a variety of control owners within the Information Security and Technology organizations, and evaluating control design and standards in a variety of program areas
Assist in development and implementation of internal policies and procedure documents to support IT compliance initiatives
Promote proactive readiness activities and enhancement of information security-based internal controls to support future internal and external reviews
Develop data points into information security and risk management reporting activities, including dashboards, metrics, and executive reporting content
Advise senior and executive management on the status of technology risk and compliance controls based on assessment results and information from various monitoring and control systems
Participate in special projects or other duties as required
Strong understanding and knowledge of business risks related to general system controls, system/applications development, change management, logical access security, local area network and wide area network concepts, contingency and recovery:
7+ years of experience in security governance, risk and compliance, information security and information technology
Experience within a banking or financial services environment is highly preferred
Knowledge of SSAE18, ISO27001/2, ISO9001/2, FFIEC and COBIT relevant security frameworks
Strong understanding of current regulatory expectations for financial services organizations
Assessment experience in Linux and Windows operating systems, Cisco and Juniper Network devices configuration, Oracle, MySQL and MSSQL database management systems
Assessment experience in Network & Infrastructure Architecture and Security (including network segmentation concepts, firewalls, routers, VPN solutions, etc.)
Assessment experience in Systems Development (including SDLC, project management and change control methodologies)
Assessment experience in Physical Security & Data Center Environmental Controls
Assessment experience in Application Security (including OWASP concepts and application architecture and controls)
Knowledge of Hosted Private and Public Cloud environments, Client Server Technology, Networks, Firewalls, SIEM and E-Commerce security risks
Experience using audit software tools, security scripts and GRC applications
CISA, CISSP or other relevant certification preferred
Excellent project management skills
Excellent analytic, oral and written communication skills
High attention to detail necessary to manage, analyze and finalize artifacts and documents
Organized, responsive, and able to manage multiple initiatives and tasks in parallel.
Telecommuting is allowed. Employer does not assist with relocation costs.
About Bottomline Technologies
Bottomline Technologies (NASDAQ: EPAY) provides cloud-based payment, invoice and banking solutions to corporations, financial institutions and banks around the world. The company’s solutions are used to streamline, automate and manage processes involving payments, invoicing, global cash management, supply chain finance and transactional documents. Over 10,000 customers trust Bottomline to meet their needs for efficiencies, competitive differentiation and optimization of working capital. Headquartered in the United States, Bottomline also maintains offices in the UK, Europe and Asia-Pacific. For more information, visit www.bottomline.com.