Information Technology Audit Consultant
Genpact
Job Description
Overview
The IT Audit Remediation Lead will be responsible for addressing growing regulatory complexity in the US IT landscape. This role is uniquely dual-natured: it requires deep technical expertise — especially in IT infrastructure — paired with the leadership ability to engage and align IT managers throughout the remediation journey.
Responsibilities
- Audit Findings Assessment & Gap Analysis
Review and consolidate existing internal/external audit findings across IT infrastructure domains (networks, servers, cloud, IAM, backups, DR). Assess gaps against applicable US frameworks: NIST CSF, SOX ITGC, FFIEC, and state privacy regulations (NYDFS). Prioritize findings by risk level, regulatory impact, and remediation complexity.
- Remediation Roadmap Design
Develop realistic, time-bound remediation plans for each audit domain. Align roadmaps with IT team capacity and budget constraints. Define milestones, owners, evidence requirements, and acceptance criteria for each remediation action item in collaboration with IT managers.
- IT Manager Enablement & Change Leadership
Onboard and coach IT infrastructure managers onto compliance obligations. Run working sessions to translate audit language into operational tasks. Act as the bridge between the audit/compliance function and day-to-day IT operations, fostering ownership and accountability at the team level.
- KRI Design and Reporting
Define the target-state IT KRI framework (complete with metrics, thresholds, and governance) in line with market standards; map KRIs to regulatory requirements and the risk taxonomy; prepare KRI dashboard templates and reporting formats.
- Regulatory Monitoring & Horizon Scanning
Track evolving US IT regulations, guidance updates and emerging risks. Brief the CIO & the CIO Office on implications and recommend proactive posture adjustments before regulatory events.
- Metrics, Reporting & CIO Briefings
Maintain a live dashboard of audit findings status, remediation progress, and control effectiveness KPIs. Produce executive-level reporting for the CIO and relevant governance committees. Escalate critical risks with clear, actionable recommendations.
- Pragmatic Solution Design
Propose remediation solutions that are technically sound, operationally realistic, and cost-conscious. Avoid over-engineering compliance for its own sake. Recognize when compensating controls or risk acceptance are appropriate, and document the rationale rigorously.
Common values
- Ensure the respect of policies and procedures of the Bank, as well as regulatory requirements.
- Ensure accuracy and expediency of any activity related to audits.
- Promote GIT’s values and visions of “1 Team” across all functions and geographical locations.
Qualifications
- Bachelor's degree minimum in a related field.
- 12+ years in IT audit, IT risk, or infrastructure security
- Experience working with or in Big 4 / top-tier internal audit functions
- Demonstrated experience managing cross-functional remediation programs
Regulatory Frameworks
- NIST CSF, NIST SP 800-53
- SOX ITGC (General Computer Controls)
- FFIEC IT Examination Handbook
- NYDFS regulation
Certifications (preferred)
- CISA (Certified Information Systems Auditor)
Technical Domains
- Patch management & vulnerability management
- Backup, DR & BCP controls
- Change management & SDLC controls
- Application development and maintenance
- Influence without authority
- Cross-functional stakeholder alignment
- Change management & organizational buy-in
- Executive communication
Genpact is an Equal Opportunity Employer and considers applicants for all positions without regard to race, color, religion or belief, sex, age, national origin, citizenship status, marital status, military/veteran status, genetic information, sexual orientation, gender identity, physical or mental disability or any other characteristic protected by applicable laws. Genpact is committed to creating a dynamic work environment that values respect and integrity, customer focus, and innovation.
Furthermore, please do note that Genpact does not charge fees to process job applications and applicants are not required to pay to participate in our hiring process in any other way. Examples of such scams include purchasing a 'starter kit,' paying to apply, or purchasing equipment or training.