IT Audit Analyst - Decatur, IL

Job Description

IT Audit Analyst - Decatur, IL

This is an Exempt position; reports to the Associate IT Audit Director – Internal Audit.

Information Technology Audit Analyst position is responsible for completing audits and projects as outlined in the Internal Audit Plan and plays a critical role in the effectiveness of the control environment by providing value added recommendations across Archer Daniels Midland (ADM) including audits of complex computer applications, processes, and technological solutions including Operational Technology (OT) and Cybersecurity. Applicants are expected to have audit experience in information systems and/or cybersecurity and demonstrate proficiency in performing information systems audit work which conforms to professional standards.

Information Technology / Cybersecurity Audit Analyst position will perform, yet is not limited to, the following: structured audits of ADM's data centers, reviews of business applications, pre-implementation reviews of IT systems, and partnering with business management to perform IT risk assessments and analysis. Working autonomously as well as in collaboration with other members, the Information Technology / Cybersecurity Audit Analyst will support in various aspects of IA processes such as risk assessments, audit planning and execution, issue management and special department initiatives for continuous improvement.

Decisions regarding the scope of work performed, nature of testing completed, and the reporting disposition of results may be delegated to this position with oversight by Audit Management.

• BS/BA degree in Computer Science and Information Technology, Cybersecurity, Accounting or Business field.
• Minimum five years of Information Technology, Operational Technology, Cybersecurity or Audit experience. Personnel in this position possess highly specialized experience and clearly demonstrate proficiency in applying that experience to evaluate and test internal controls in audits of highly technical nature which cannot be covered by the general audit staff.
• Develop and maintain proficiency in basic audit principles, skills and techniques, so routine information technology audits are competently and efficiently performed, and in accordance with professional and departmental standards.
• Understanding from an IT audit or Information Security standpoint, the following: IT risks, exposures, vulnerabilities and general controls implementation; knowledge of Information Systems/Information Technology principles, controls, concepts, standards and procedures relating to a business environment.
• Have or be willing to pursue technical certification - CIA, CISA, CISSP, CISM, AAIA, AAISM or other professional cybersecurity certification is a plus.
• Ability to conduct multiple projects and has good analytical, interpersonal, time management, research and communications skills.
• Demonstrates leadership skills and ability to make decisions independently.
• Preferred: experience with Large ERP systems, technology implementation projects and/or exposure to various operating systems (IBM Mainframe zOS and OS400, VMS, Windows, Linux), databases (SQL Server, Oracle, DB2), and business and financial applications (SAP, Oracle, JD Edwards) and/or technical knowledge of Internet Security, infrastructure, servers, and network devices.
• Understanding of IT Operational Functions and concepts including IAM, Asset Management, Cybersecurity, Data Privacy.
• Exposure to AI/ML systems (e.g., participating in model validation, data quality assessment, or reviewing MLOps artifacts) is a plus. Willingness to learn and apply AI is expected.
• Familiarity with industry standards/framework, such as MITRE, OWASP Top-10, NIST 800-115, NIST 800-53, NIST 800-171, NIST Privacy Framework, NIST AI RMF, CSA ISO/IEC 42001, and ISO/IEC 23894, ITIL v3, COBIT and FAIR are desirable.
• Ability to communicate clearly and concisely in verbal and written formats to all levels of employees.