Lead IT Auditor

**Summary of the position**

The Lead IT Auditor conducts audit assignments from planning to reporting. This includes an assessment of the audited activity, the performance of tests, analysis and controls and the issuance of recommendations. He/she is responsible for the consistency, comprehensiveness and quality of the audit deliverables and, under the supervision of a Local Head of Audit, a Regional Supervisor or a Local supervisor, for drafting the debriefing presentation to management and the final report. He/she usually leads a team of several auditors. He/she may also perform himself/herself some critical controls.

**Key Responsibilities**

The Lead IT Auditor is in charge of conducting assignments and to manage the team during the assignments. The assignments may be local, regional or global.

**1. Conduct of assignment**
- To assess the risks of the audited activities (IT/Cyber risks, non-compliance risks and operational risks) and to understand the related control set-up and their relevance
- To review and challenge the processes and the organizations in view of their respective purpose and mandates as well as the related risks, relying on fact based and documented audit works
- To verify the compliance of the audited unit’s processes with internal policies and procedures, and with the applicable laws and regulations
- To monitor the fieldwork carried out by the team and to adjust the fields of audit to the risks identified
- To communicate openly with the Head of Local Audit/ Regional Supervisor/ Local Supervisor on progress made according to the pre-set timeframe
- To notify immediately the Head of Local Audit/ Regional Supervisor / Local Supervisor of any major control weaknesses (reputation, financial loss, compliance, etc.) identified during the audit review and comply with any escalation policy in the bank (including International Sanctions)
- To conduct interviews, debriefing meetings of conclusions with relevant top managers and line managers
- Review management response to the draft report and prepare counter-response if needed
- To produce all the deliverables following IGE methodologies, as per the Audit Charter

**2. Management of a team during an assignment**
- Define objectives and perform end of assignment assessment for the team allocated during an assignment
- Contribute to develop the team’s knowledge and skills
- Prepare assignment planning and allocate work streams by team member and manage projects/tasks/staff and budget resources efficiently
- Ensure collaborative and productive relationship within the team and a good coordination throughout the International Network and with auditees
- Contribute to the continuous improvement of the team, for instance by training team members on methodology, governance, regulation, or on new topics upon request from Regional Supervisor/ Head of Local Audit/ Local Supervisor

**3. IGE Continuous improvement **Program **/ **Transversal topics**

The Lead IT Auditor contributes to the continuous improvement of IGE methodologies and processes. As part of his/her responsibilities, he/she can be requested to:

- Contribute to the creation or update of methodologies and audit processes/guides
- Build and share knowledge (e.g. through contributing to IGE intranet, delivering training or taking part in various Methods and Support workstreams or assignments)
- Update Auditable Items risk scoring in liaison with the relevant Regional Supervisor/ Regional Audit Partner
- Share any relevant information with the IGE Knowledge communities leaders and relevant Audit Partners
- Contribute to one or several IGE knowledge communities
- Manage resources and budget of the assignment to achieve the objectives of the audit plan
- Contribute to the preparation of the audit plan, in coordination with the Audit Manager in charge
- Be actively part of the recommendation follow-up process.

The Lead IT Auditor is regularly trained on banking, IT and regulatory matters and must have a sufficient knowledge of the audited area he/she is responsible for. He/she must complete all the mandatory trainings within the defined timelines.

**Role specific requirements**
- This role may require business travels in any relevant locations to conduct the assigned audits, for periods up to several consecutive weeks
- Lead IT Auditors must comply with the CACIB Audit Charter, in particular the five fundamental ethical principles (integrity, objectivity, confidentiality, expertise, and transparency) and all other locally applicable regulations.
- Lead IT Auditors must also have and maintain a certification in IT audit or IT security (e.g. CISA, CISSP).
- Before or after an assignment, Lead IT Auditors shall have no direct operational responsibility or authority over any of the activities under review. They shall not develop systems or procedures, prepare records or engage in any activity, which belongs to the auditable perimeter.