Sr IT Auditor (Portland, Oregon) - 112177

Date: May 7, 2024

Location: PORTLAND, OR, US, 97232

Company: PacifiCorp

PacifiCorp is seeking customer-centric candidates to grow and sustain our commitment to a culture of customer service excellence, environmental sustainability and diversity, equity and inclusion.

General Purpose

Provides advice and counsel to management and client organizations. Lead technology and security-related internal audits across all business areas. Develop audit assignment objectives and scope, create and update existing detailed audit programs, conduct testing, and effectively communicate audit results, which may include clear and actionable root causes and recommendations to clients. Follow up on assigned audit report recommendations to ensure clients have completed agreed-upon responsive action

Responsibilities

• Lead, plan and perform information technology (IT) related audit projects to evaluate the effectiveness of risk management, internal control and governance processes. Includes reviews of operational compliance, regulatory compliance, best practices, security, access controls, change controls and operations.

• Lead technology and systems-related audit work - including examinations of infrastructure/database/application controls and new system development efforts.

• Lead large projects and perform audits within timeline agreed upon in the project management plan, being innovative, creating audit workpapers that comply with department and IIA standards for content and quality, and providing clear and actionable recommendations to client management in both verbal and written format.

• Lead evaluation of PacifiCorp's internal controls, including application/system controls, to ensure compliance with the North American Electric Reliability Corporation (NERC), Critical Infrastructure Protection (CIP) standards, ISO 27001, NACHA, cybersecurity policies and general computer controls (relied upon for Sarbanes-Oxley compliance).

• Collaborate with other team members, internal clients, and external service providers (auditors, consultants) to better understand risk and carry out engagements. Audit projects may include examinations of infrastructure/database/application controls, and new system development efforts

• Collaborate with business areas to ensure processes and controls are appropriately documented. Document the results of audit testing in support of audit conclusions and in accordance with documentation standards.

• Assess the effectiveness of general computer control design and operations. Advice and provide recommendations to business areas to improve processes and controls and address risks.

• Effectively communicate and report audit status and results in an accurate and concise manner and work with management to develop action plans for recommendations.

• Advise business areas in improving technology and security-related controls and ensure action plans addressing audit findings are completed.

• Participate in enterprise resource planning (ERP) system conversion activities, as required.

• Develop and maintain relationships with audit clients in business areas.

• Train other internal auditors regarding department and company policies and procedures.

• Perform additional responsibilities as assigned.

Requirements

• Bachelor’s degree in computer science, information systems or related field; or the equivalent combination of education and experience.

• Six years of related experience including three or more years of IT auditing or IT security experience.

• Professional information systems-related certification (CISA, CISM, SSCP, CISSP, CFE, etc.) or willingness to obtain this within 18 months

• Advanced knowledge of IT general controls, business application controls, and security of corporate and operational controls networks.

• Influencing skills to persuade, direct and lead opinion.

• Analytical, problem-solving and decision-making skills needed to recognize patterns in data, information or events and to draw logical conclusions and to make recommendations for action.

• Auditing skills to understand principles of internal control.

• Understanding and knowledge of COBIT framework, COSO framework, ISO 27001 and similar information security standards, and Sarbanes-Oxley Act requirements.

• Demonstrated experience, skills, and knowledge of technology area(s) required.

• Possess strong interpersonal and communication skills.

• Effectively communicate to a variety of audiences and analyze complex business scenarios.

• Able to travel domestically, up to 10%.

Preferences

• Working knowledge of project management best practices

• Working knowledge of utility regulatory and accounting requirements (e.g., FERC, ISO 27002, NACHA, Sarbanes-Oxley)

• Previous utility experience

• Working knowledge of the following systems and technologies:

• SAP ERP

• Oracle

Additional Information

Req Id: 112177

Company Code: PacifiCorp

Primary Location: PORTLAND

Department: CFO

Schedule: FT

Personnel Subarea: Exempt

Hiring Range: $100,700 - $118,400

This position is eligible for an annual discretionary performance incentive bonus of up to 15.00% of salary.

Benefits: Health care, retirement, paid time off, tuition assistance, paid short-term and long-term disability, paid bereavement leave. For more information, please visit: https://careers.pacificorp.com/content/New-Benefits-Page/?locale=en_US

Employees must be able to perform the essential functions of the position with or without an accommodation.

At PacifiCorp, we celebrate diversity, equity and inclusion. PacifiCorp is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or religious creed, age, national origin, ancestry, citizenship status (except as required by law), gender (including gender identity and expression), sex (including pregnancy), sexual orientation, genetic information, physical or mental disability, medical condition, veteran or military status, familial or parental status, marital status or any other category protected by applicable local, state or U.S. federal law.

Unless otherwise required by law, all offers of employment are contingent upon the successful completion of a background check and drug screening including for marijuana. While marijuana is legal in several states, including Oregon, a positive test for positions in Oregon may disqualify a candidate. The company complies with the laws of Washington and California and only obtains and considers positive tests for marijuana in safety-sensitive positions or those covered by U.S. Department of Transportation regulations.