Project Auditor - Information/Operational Technology

Job Info

Mar 26, 2024


Posting Expiration Date: May 31, 2024

Schedule Type: Full-Time

Minimum Salary: $105000

Maximum Salary: $135000

Organization: Auditing

Department: EHS Operations and IT

Section: AUDITING EHS Operations & IT

Location: NY-New York-4 Irving Pl Headquarters

Job Description

Mission Statement

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) employees are required to follow health, safety, and environmental policies, EEO, Standards of Business Conduct, and all other applicable company policy and procedures. We all share a responsibility to advance the company’s mission by excelling at our three corporate priorities – safety of our people and the public, operational excellence in all that we do, and ensuring the best possible customer experience.

Core Responsibilities

  • Auditors must remain objective and independent while performing their work and will be required to sign an Auditing Conflicts of Interest Disclosure & IIA Code of Ethics Attestation Form when joining Auditing and annually thereafter.
  • Ensure that safe work practices are followed, and the environment is protected in accordance with Company policy and governmental regulations.
  • Maintain strict confidentiality and demonstrate sound judgment both in character and actions.
  • Comply with all organizational and professional ethical standards and ensure that, audits performed comply with the IIA International Standards for the Professional Practice of Internal Auditing.
  • Lead team of auditors in the planning, execution and reporting of moderate to complex information/operational technology audits, integrated audits and other projects concurrently with no supervision. This includes assessing the adequacy and effectiveness of, general IT controls, application controls, and cyber security-related risks covering a broad range of computer technologies including mainframe, LAN/WAN, client/server, Internet/Intranet, databases, telecommunications, etc. Apply appropriate sampling techniques and use computer-assisted audit tools and techniques.
  • Lead/Conduct Sarbanes-Oxley (SOX) 404 walkthroughs and testing of IT processes, plan and participate in pre/post implementation reviews of major system implementations and assess compliance with critical cyber security standards.
  • Demonstrates a good understanding of relevant regulations and industry standards (e.g., SOX, COSO, COBIT, ITIL, NIST) and the ability to apply requirements to internal control frameworks.
  • Develop risk-and-control matrices and prioritize efforts by the identification of key controls and the development of appropriate strategies to test the design and effectiveness of those controls. Demonstrates consistent results in all aspects of controls evaluation.
  • May develop computerized audit routines to facilitate more effective/efficient audits.
  • Schedule and lead audit kick-off, midpoint audit status, and closing meetings.
  • Ensure that workpapers are complete and supporting documentation is cross-referenced to the record of work done. Ensure that workpapers adequately support audit observations, conclusions, and recommendations and consistently meet the requirements of the Institute of Internal Auditors as detailed in their International Standards for the Professional Practice of Internal Auditing.
  • Prepare clear, concise, and accurate audit reports that require minimal editing for finalization. May assist in the review of draft reports prepared by other auditors.
  • May mentor/train others in audit related functions, lead or supervise staff/projects. Supports and assists the Section Manager on day to day activities. Successfully assumes the delegation of acting Section Manager as needed.
  • Perform follow-up audit work to determine that management has implemented all recommendations timely. Assists the Section Manager with follow-up audit process.
  • Seek, identify, and recommend cost-saving opportunities in the course of performing audits.
  • Continuously complete training in auditing, information/operational technology, and other subject matter areas to meet certification requirements, improve the ability to perform quality audits, and to meet the departmental KPI training requirement.
  • Contribute toward team results, work well with others, and encourage other team members.
  • Audits will be conducted at all Con Edison, Orange & Rockland, Con Edison Transmission and Clean Energy Business locations. Some domestic and international travel required.
  • Support Auditing's Strategic Plan Initiatives including Robotic Process Automation solution implementation, SharePoint development and performing data analytics.
  • Proposes improvements and demonstrates a drive for excellence in auditing. Volunteers for projects.
  • Perform other related assignments as required, including work on Company project teams.

Required Education/Experience

  • Bachelor's Degree Preferably in Information Systems, Computer and 5 years experience

Preferred Education/Experience

  • Bachelor's Degree Science, Engineering, Accounting, or Finance

Relevant Work Experience

  • For Project Auditor 2H role: work experience, Minimum of 5 years of audit experience, , IT security, information risk management, IT governance or other IT compliance-related work. Required
  • Knowledge of internal controls, system development methodologies, complex integrated computer systems and related environments (e.g. operating systems, databases, middleware, network devices and software applications). Required
  • Experience in auditing and knowledge of the Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing is required. Required
  • Knowledge of operational technology used to monitor or control physical devices, processes and events (e.g., Distributed Control Systems and Remote Terminal Units) and/or the Internet of Things is preferred. Preferred
  • Familiarity with Sarbanes-Oxley, NERC Critical Infrastructure Protection and other regulatory requirements is preferred. Preferred
  • Experience working with advanced technical auditing tools (e.g. Oracle BI, ACL). Preferred
  • Experience and familiarity with company policies, procedures, systems and business processes. Preferred

Skills & Ability

  • Demonstrated analytical skills
  • Demonstrated problem solving skills
  • Ability to build strong customer relationships
  • Effective conflict management skills
  • Effective interpersonal skills
  • Effective negotiation skills
  • Excellent collaboration and team building skills
  • Strong written and verbal communication skills
  • Ability to influence internal and/or external constituents
  • Assumes personal responsibility for actions
  • Demonstrated ability to maintain confidential information
  • Demonstrates excellent judgment and decision making skills
  • Maintains a high degree of professionalism
  • Proactively approaches responsibilities
  • Well organized, detail oriented and flexible to handle multiple assignments
  • Performs work independently with minimal supervision
  • Ability to work within tight timeframes and meet strict deadlines
  • Demonstrated time management and priority setting skills
  • Demonstrates a high commitment to quality
  • Possesses strong technical aptitude
  • Must be proficient in Microsoft Office including Word, Excel, Outlook and PowerPoint, etc.

Licenses & Certifications

  • Driver's License Required
  • Other: Certified Information Systems Security Professional CISSP Preferred
  • Other: Certified Information Systems Auditor (CISA) Preferred
  • Other: Other: Certified Information Systems Auditor (CISA) Certified Internal Auditor (CIA)
  • Preferred

Physical Demands

  • Must sit or stand to use a keyboard, mouse, and computer for entire shift

Other Physical Demands

  • Must be able to respond to Company emergencies by performing a System Emergency Assignment to restore service to our customers.
  • Must be able to drive to company locations when necessary.

Technical Difficulty Statement

Equal Opportunity Employer

  • Consolidated Edison Company of New York, Inc. (Con Edison), Orange & Rockland Utilities (O&R), and Consolidated Edison Transmission (CET) are equal opportunity employers. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of the individual’s actual or perceived disability, protected veteran status, race, color, creed, religion, sex, age, national origin, gender, gender identity, gender expression, genetic information, marital status, sexual orientation, citizenship, domestic violence victim status, or any other actual or perceived status protected by law.