Description The Audit Department is responsible for ensuring the markets and centralized departments are in compliance with federal and state regulations, as well as internal policies and procedures. The Audit Department acts in both an assurance role as well as a consulting role. The Analyst, Internal Audit – IT performs intermediate to advanced level work individually or as part of a team. The Analyst-IT is responsible for executing information technology (IT) audit fieldwork and contributing to IT audit risk assessment, planning, and reporting activities. The Analyst-IT, in collaboration with the Senior Analyst - IT, will also serve as a liaison between the Internal Audit Department, the various IT Departments and external IT examiners and auditors. In this role, the Analyst-IT would use critical thinking skills to complete assigned test work in an independent manner, will utilize available resources to independently research and will understand different levels of risk and risk-mitigation tactics.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Completes IT audit testwork and conducts IT audits of various departments to verify accuracy of records, compliance with policies and procedures and adherence to applicable laws and regulations.

• Leads interviews with individuals within departments and markets.

• Records each audit procedure to support work performed and results obtained.

• Completes audit programs, including planning and being the auditor-in-charge for assigned audits, in an efficient and effective manner.

• Develops an understanding of FirstBank’s varied IT environment components including hardware; software; applications; databases; and security systems, and the relationships of these technologies to business processes

• Develops and implements audit programs as directed by management.

• Reviews, evaluates, develops, implements, maintains and verifies internal and business controls for processes and procedures in accordance with corporate objectives and applicable laws and regulations.

• Contributes to the review of IT audit testwork.

• Uses critical thinking skills to work autonomously while including other, less experienced employees in testwork that is appropriate for their development level.

• Identifies risks and effectively relays risks and proposed risk mitigation strategies to the markets and centralized department employees .

• Ensures the effectiveness of controls in compliance with corporate objectives and applicable laws and regulations.

• Displays superior judgment and decision making skills and collaborates, when necessary, with the appropriate level of other Audit Department personnel to arrive at reasonable conclusions.

• Coordinates or leads others within the department to accomplish program objectives of complex audits within agreed upon time constraints.

• Interfaces with and assists outside auditors to expedite their work.

• Demonstrates depth and breadth of business knowledge including operational, financial and regulatory impact.

• Creates documents within Word and Excel and navigates within various FirstBank applications and the eGRC system .

• Displays leadership skills that lead to the identification of needs for training and development for department employees.

• Training and mentoring of other employees within the department.

• Collaborates with Audit Department employees to further integrate IT audit concepts into the financial, regulatory and operational audits.

• Develops and maintains relationships with IT personnel to assist and expand the consulting role of the Audit Department within the varied IT departments and operations support services departments.

• Completes minimum Continuing Professional Education (CPE) requirements to comply with department standards and to maintain certifications.

• Performs other duties and projects as assigned.

• Understands and complies with all provisions of the Safety in the Workplace policy.

Requirements MINIMUM QUALIFICATIONS OF POSITION

• Bachelor’s degree with a major or minor in Computer Science, Information Systems or Technology or equivalent.

o A combination of business relevant post-high school education, job related certification (such as CISA) and internal IT audit or other related experience equivalent to 5 years may be considered in lieu of a degree.

• Typically requires a minimum of 2 years of internal or external (public) experience in a capacity such as IT audit, information security, technology risk consulting, or internal control assessment (such as SOX).

• Experience in or knowledge or an applicable specialized area(s) such as banking regulatory compliance, risk and control matrices, IT regulatory controls inclusive of IT application controls and IT general controls, etc.

PREFERRED QUALIFICATIONS OF POSITION

• Prior work experience within a public company or bank with a complex technology environment in a capacity as “IT Auditor”.

• Direct internal or external auditor experience can also be demonstrated by a candidate whom has worked as a consultant, third party, IT Sarbanes Oxley auditor, or similar work experience under the direction of either Internal or External audit.

• Professional certifications, such as Certified Information Systems Auditor or Certified Internal Auditor are desired, but not required.

• Experience with audit-specific data analytics techniques is also desirable, but not required.

KNOWLEDGE AND SKILLS

• Solid foundation in business process description, risk identification, control design assessment, and control testing.

• Fundamental technical knowledge such as networking, business information systems and information security.

• Leadership-Ability to effectively lead others in the Audit Department to achieve maximum performance through training and coaching.

• Complex Problem Solving-Identification of complex problems and reviewing related information to develop and evaluate options and implement solutions.

• Critical Thinking-Uses strengths and weaknesses of alternative solutions, conclusions or approaches to solve problems; readily assimilates and applies new information to current and future problem solving and decision making.

• Active Learning-Understands the implications of new information for both current and future problem solving and decision making.

• Active Listening-Giving full attention to what other people are saying, taking time to understand the points being made and asking questions as appropriate.

• Reading and Writing Comprehension-Ability to effectively understand written documents and correspondence and to effectively communicate through writing.

• Actively looks to help others in the department as well as with clients; attentive, empathetic, and collaborative in approaching problems, recommending solutions, and offering assistance.

• Has proficient computer skills which allow the Associate Analyst to work in Word, Excel and learn the eGRC system.

• Has the ability to work under strict time constraints.

WORKING CONDITIONS AND PHYSICAL REQUIREMENTS

Work is performed in an office environment with moderate noise levels and light to heavy traffic. An individual in this position:

• Frequently remains stationary throughout a typical business day

• Frequently operates a computer and other office machinery, such as a calculator, copy machine, and computer printer

• Occasionally moves about inside the office to access file cabinets, office machinery, and other rooms

• Occasionally positions self to access drawers and shelves of various heights

• Frequently reaches for and handles paperwork and files

• Constantly communicates with customers, coworkers, and management in-person and on the phone

• Must be able to exchange accurate information

Work Hours Monday through Friday

Part Time No

• FirstBank is an EOE/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, genetic information, disability, veteran status, or any other applicable status protected by state or local law.

• Please view Equal Employment Opportunity Posters provided by OFCCP hereat http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm .

• FirstBank will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with FirstBank’s legal duty to furnish information. 41 CFR 60-I.35(c)