General Motors Global IT Controls Assessor - Mid-Range - INF0018634 in Detroit, Michigan

The entry-level IT Controls Assurance Associate is responsible for conducting assessments of IT Controls across varying platforms, including mainframe and mid-range environments, and technology components (e.g. applications, infrastructure, network, middleware, database, etc.). Assessment activities are conducted primarily to ensure compliance with various legal and regulatory requirements, as well as adherence to various Corporate Policies, Industry Standards / Maturity Models, or other requirements set forth by IT management. All work is performed in a corporate environment, which is global in nature, and involves executing standard auditing methodologies, processes, and tools in the areas of audit planning, field work, data analysis, reporting, work paper documentation, and quality assurance (QA).

  • Develop a high-level understanding of the control environment (e.g. function and design)
  • Establish the assessment objectives and finalize scope of control testing
  • Execute field work and collect / analyze evidence
  • Conclude on the adequacy of the control design and operating effectiveness
  • Document findings and conclusions
  • Report the status and results of the assessment

Education Requirement: BS in Information Systems, Computer Science, or related field

Work Experience: 1-3 years of experience, preferred

Professional Certifications: CISSP, CISA, CISM, CIA, CGEIT, CRISC, PMP

Must be Proficient in:

  • Assessing Controls Design / Operating Effectiveness
  • Assessing Risks
  • Evaluating General IT Controls
  • Conducting / Facilitating Meetings
  • Interviewing auditees / Control Owners
  • Analyzing data
  • Identifying issues / performing root cause analysis
  • Presenting to Senior Management
  • Documenting results / Report writing

One or More Required Technical Skills / Experience:

  • COTS Applications (e.g. SAP, PeopleSoft, Hyperion, etc.)
  • Middleware (e.g. AutoSys, Sailpoint, …)
  • Operating Systems (e.g. UNIX/LINUX, Windows, Z/OS, …)
  • Database Systems (e.g. ORACLE, DB2, INGRES, …)
  • Mainframe Systems (e.g. ACF2, Endeavor, CA-7, …)
  • Authentication Systems (e.g. LDAP, Active Directory, …)
  • File Transfer Systems (e.g. IIB, Datastage, SeeBeyond, etc.)
  • Network (e.g. Firewalls, Network Monitoring Systems, IDS, IPS, etc.)

Required Personal Skills / Capabilities:

  • Oral / Written Communication skills
  • Persuasion / Negotiation skills
  • Data mining and analytics
  • General IT knowledge
  • Business / political acumen
  • Time / Resource management
  • Developing / Managing Relationships
  • Conflict Management
  • Strong analytical and problem solving ability
  • Project management skills
  • Works independently with accountability for results

Specialized Industry Knowledge / Experience:

  • COSO Internal Control Framework (COSO ICF)
  • Enterprise Risk Management (ERM)
  • Fraud Risk Assessment
  • Gramm-Leach-Bliley Act (GLBA)
  • ISO 27000
  • PCAOB Auditing Standard No 2
  • Sarbanes-Oxley Section 302 (Disclosure Controls and Procedures)
  • Sarbanes-Oxley Section 404 (Internal Control over Financial Reporting)
  • Standards for the Professional Practice of Internal Auditing (IIA Standards)
  • Control Objectives for Information Technology (COBiT)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI/DSS)