Information Technology Audit Consultant

Summary

The IT Audit Remediation Lead will be responsible for addressing growing regulatory complexity in the US IT landscape. This role is uniquely dual-natured: it requires deep technical expertise — especially in IT infrastructure — paired with the leadership ability to engage and align IT managers throughout the remediation journey.

Key Responsibilities:

Audit Findings Assessment & Gap Analysis
Review and consolidate existing internal/external audit findings across IT infrastructure domains (networks, servers, cloud, IAM, backups, DR). Assess gaps against applicable US frameworks: NIST CSF, SOX ITGC, FFIEC, and state privacy regulations (NYDFS). Prioritize findings by risk level, regulatory impact, and remediation complexity.

Remediation Roadmap Design
Develop realistic, time-bound remediation plans for each audit domain. Align roadmaps with IT team capacity and budget constraints. Define milestones, owners, evidence requirements, and acceptance criteria for each remediation action item in collaboration with IT managers.

IT Manager Enablement & Change Leadership
Onboard and coach IT infrastructure managers onto compliance obligations. Run working sessions to translate audit language into operational tasks. Act as the bridge between the audit/compliance function and day-to-day IT operations, fostering ownership and accountability at the team level.

KRI Design and Reporting
- Target state IT KRI framework (complete with metrics, thresholds, governance) as per market standards
- KRI mapping to regulatory requirements and risk taxonomy
- KRI dashboard templates and reporting formats

Regulatory Monitoring & Horizon Scanning
Track evolving US IT regulations, guidance updates and emerging risks. Brief the CIO & the CIO Office on implications and recommend proactive posture adjustments before regulatory events.

Audit Liaison & Evidence Management
Serve as primary point of contact for internal and external auditors during IT audit cycles. Coordinate evidence collection, manage auditor requests, and prepare IT teams for walkthroughs. Negotiate remediation timelines with auditors where findings are complex.

Metrics, Reporting & CIO Briefings
Maintain a live dashboard of audit findings status, remediation progress, and control effectiveness KPIs. Produce executive-level reporting for the CIO and relevant governance committees. Escalate critical risks with clear, actionable recommendations.

Pragmatic Solution Design
Propose remediation solutions that are technically sound, operationally realistic, and cost-conscious. Avoid over-engineering compliance for its own sake. Recognize when compensating controls or risk acceptance are appropriate, and document the rationale rigorously.

Common values
- Ensure the respect of policies and procedures of the Bank, as well as regulatory requirements.
- Ensure accuracy and expediency of any activity related to audits.
- Promote GIT’s values and visions of “1 Team” across all functions and geographical locations.

Qualifications
- Bachelor minimum in related field.
- 12+ years in IT audit, IT risk, or infrastructure security
- Hands-on experience remediating IT audit findings
- Experience working with or in Big 4 / top-tier internal audit functions
- Demonstrated experience managing cross-functional remediation programs

Regulatory Frameworks
- NIST CSF, NIST SP 800-53
- SOX ITGC (General Computer Controls)
- FFIEC IT Examination Handbook
- NYDFS regulation

Certifications (preferred)
- CISA (Certified Information Systems Auditor)
- CRISC (IT Risk & Control)

Technical Domains
- Network infrastructure (firewalls, segmentation, VPN)
- Patch management & vulnerability management
- Backup, DR & BCP controls
- Change management & SDLC controls
- Application development and maintenance

Leadership Competencies
- Influence without authority
- Cross-functional stakeholder alignment
- Change management & organizational buy-in
- Executive communication
- Conflict resolution in high-pressure contexts
- Program management & prioritization

Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation.

Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a 'starter kit,' paying to apply, or purchasing equipment or training.