Internal IT Auditor

at Bottomline Technologies

Virtual

Who We Are:

Bottomline Technologies (NASDAQ: EPAY) provides cloud-based payment, invoice and banking solutions to corporations, financial institutions and banks around the world. The company’s solutions are used to streamline, automate and manage processes involving payments, invoicing, global cash management, supply chain finance and transactional documents. Over 10,000 customers trust Bottomline to meet their needs for efficiencies, competitive differentiation and optimization of working capital. Headquartered in the United States, Bottomline also maintains offices in UK, Europe and Asia-Pacific.

The Position:

The Bottomline IT auditor is responsible for performing Internal Audits of Business Line processes and their respective IT environments to ensure they follow defined policies and practices. They must evaluate technology, identify controls, and keep throughout records. In addition to performing internal audits, the IT auditor shall act as a mentor to Business Line and IT staff teams to ensure they have a solid understanding of auditing procedures and expectations of interview as well as artifact requirements, and are effective planners, communicators, and examiners.

The IT auditor must retain authority, encourage problem solving, and promote a constructive work environment. They must be able to direct audit functions while understanding the risks associated with current and emerging technologies. The Bottomline IT auditor shall compile a vast array of data into a coherent report for the CFO, CIO and CISO.

This position can be based out of our Portsmouth, NH headquarters, or, out of a virtual location within the US

Responsibilities:

• Participate in the development of the annual IT Audit Universe, Audit Report standardization and maturing the Audit Program
• Analyze the IT environment to evaluate application and infrastructure risks and controls
• Coordinate, execute and manage the planning, testing and reporting phases for multiple concurrent IT audits
• Design, review and approve tests that identify control weaknesses, and provide strategic recommendations to enhance business operations
• Present findings to senior management and negotiate suggested action plans
• Build and maintain strong relationships by demonstrating detailed knowledge of the business environment
• Maintain up-to-date knowledge of the Financial Services \ Software Hosting Solutions Provider Industry
• Promote a risk-aware culture; ensure efficient and effective risk and compliance management practices by adhering to required standards and practices
• Participate in a primary capacity in audits, compliance, and regulatory activities, including, but not limited to: PCI, SSAE18, FFIEC, ISO9001 and ISO27001
• Work collaboratively with various technical teams in the design and implementation of audit, regulatory, and compliance practices for information security
• Manage the ongoing effectiveness of information security controls (automated, manual, and needing development), working with a variety of control owners within the Information; Security and Technology organizations, and evaluating control design and standards in a variety of program areas
• Assist in development and implementation of internal policies and procedure documents to support IT compliance initiatives
• Promote proactive readiness activities and enhancement of information security-based internal controls to support future internal and external reviews
• Develop data points into information security and risk management reporting activities, including dashboards, metrics, and executive reporting content
• Advise senior and executive management on the status of technology risk and compliance controls based on assessment results and information from various monitoring and control systems
• Participation in special projects or other duties as required

Requirements:

Strong understanding and knowledge of business risks related to general system controls, system/applications development, change management, logical access security, local area network and wide area network concepts, contingency and recovery:

• Understanding of data management concepts
• 7+ years of experience in security governance, risk and compliance, information security and information technology
• Experience within a banking or financial services environment is highly preferred
• Knowledge of SSAE18, ISO27001/2, ISO9001/2, FFIEC and COBIT relevant security frameworks
• Strong understanding of current regulatory expectations for financial services organizations
• Excellent analytic, oral and written communication skills
• Experience with Application Security (including OWASP concepts and application architecture and controls)
• Assessment experience in Linux and Windows operating systems, Cisco and Juniper Network devices configuration, Oracle, MySQL and MSSQL database management systems
• Network & Infrastructure Architecture and Security (including network segmentation concepts, firewalls, routers, VPN solutions etc)
• Systems Development (including SDLC, project management and change control methodologies)
• Physical Security & Data Center Environmental Controls
• Knowledge of Hosted Private and Public Cloud environments, Client Server Technology, Networks, Firewalls, SIEM and E-Commerce security risks
• Experience using audit software tools, security scripts and GRC applications
• CISA, CISSP or other relevant certification preferred
• Excellent project management skills
• High attention to detail necessary to manage, analyze and finalize artifacts and documents
• Organized, responsive, and able to manage multiple initiatives and tasks in parallel.

Education:

• BA, BS or MBA Degree
• Relevant industry recognized security certifications such as: CISSP, CISA, PCI SA, PMP, CISM, CPP and/or CFE