Senior Technology Auditor (Continuous Process Monitoring)

You have a clear vision of where your career can go. And we have the leadership to help you get there. At CNA, we strive to create a culture in which people know they matter and are part of something important, ensuring the abilities of all employees are used to their fullest potential.

CNA seeks to offer a comprehensive and competitive benefits package to our employees that helps them - and their family members - achieve their physical, financial, emotional and social wellbeing goals.

For a detailed look at CNA's benefits, check out our Candidate Guide.

Continuous Process Monitoring

The CPM team's goal is to monitor all IT processes and related controls and assure that controls are operating as intended and control failures are identified timely and communicated to key stakeholders for proper mitigation before they pose a risk to the organization. The CPM program has been developed within CNA's first line of defense with the CPM activities embedded within IT processes and management-level controls. The program is implemented for controls in CNA's Process, Risk and Controls (PRC) framework as identified by control and process owners and other stakeholders.

Job Summary

Continuous Process Monitoring (CPM) IT Senior Specialist will assist in implementing and reviewing technology controls to meet regulatory, compliance and operational needs of the organization. The Specialist leads in monitoring the performance of these controls throughout the year to ensure they meet the agreed upon control objectives and address the necessary risks. The position will provide detailed reports to control and process owners as well as the IT leadership. The review and monitoring process will result in proposed recommendations and tracking of remediation plans to ensure all pertinent risks are addressed in a timely manner. The position will also be involved in resolving audit issues related to failed controls. To make impactful difference, the results will be driven by taking initiatives, critical thinking, engaging, managing multiple projects and collaborating with stakeholders and leadership at all levels along with effective reporting. The dynamic environment provides opportunities for consistent learning helping to realize true potential and career growth.

JOB DESCRIPTION:

Essential Duties & Responsibilities

Performs a combination of duties in accordance with departmental guidelines:

• Conduct IT reviews of systems, applications and IT processes. Perform review of IT processes and controls under the oversight of the Director; including identifying areas where technology units should consider changes to improve efficiency. Execute various other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate.

• Provide Technology staff and Third party vendors appropriate guidance on IT risk management matters, particularly on applications, operations management, strategy and infrastructure security.

• Perform IT security assessments (e.g. network, operating system, application and data center), including evaluating if security vulnerabilities are properly identified and mitigated. Coordinate performance of these reviews with internal stakeholders;

• Learn and support tools to analyze results and data to improve audit efficiency and effectiveness, (including for risk assessments).

• Serves as a primary driver of the communication and reporting of the CPM function to various stakeholders.

• Develops a systematic methodology for communicating results to ensure that key personnel are informed and can provide feedback. Prepare and report results to executives, process owners and other stakeholders.

• Proactively provides content associated with the education and awareness of policies standards control procedures and IT Operational responsibilities across our organization. Responds to needs and feedback accordingly.

• Address audit findings and issues and coordinate remediation with various stakeholders and appropriately perform the reporting. Detects issues related to the operation of in-scope controls to ensure the effective operation of IT processes and controls for audit purposes.

Reporting Relationship

Typically reports to Director or above.

Skills Knowledge & Abilities

• Solid understanding of IT infrastructure, security and application controls, operating models, methodology and approaches. Expert knowledge of internal auditing, internal controls, risk management and understanding of internal control environments within IT and some business functions.

• Experience with multiple technology domains including aspects of Windows, Mainframe, Unix and/or database administration, software development and networking.

• Ability to multi task on assignments, prioritize and deliver on routine tasks and assigned projects.

• Strong communication and interpersonal skills to work effectively and foster teamwork with peers on project teams and other functional areas inside and outside of IT along with the ability to communicate effectively with technical and non-technical audiences.

• Ability to work within significant limits of authority on assignments requiring technical complexity and confirmation with minimal guidance. Ability to lead meetings with all level of managements.

• Maintain technical competence by ongoing training, seeking development opportunities and applying new knowledge to daily work assignments.

Education & Experience

• Bachelor's Degree or equivalent with preferable concentrations in Management Information Systems, Computer Science, Networking and Information Security or related discipline.

• Typically a 5+ years of related experience in public accounting, auditing, advisory or related field.

• CISA, CRISC, CISM, CISSP certification is a plus.

• Exposure to IT standards (e.g. ISO 27001), frameworks (e.g. COBIT, NIST, ITIL, CIS, ), technical systems and emerging technologies.

#Remote

#LI-JB1

CNA is committed to providing reasonable accommodations to qualified individuals with disabilities in the recruitment process. To request an accommodation, please contact leaveadministration@cna.com.