Job Summary:

• Responsible for execution of assigned IT audit plan projects, IT SOX testing, and development of junior audit staff. Under the direction of the Director, provide an independent and objective opinion on the overall effectiveness and efficiency of the company's system controls in mitigating business risks to achieve NRG's strategy and performance objectives. Provide additional assurance services as requested by the Audit Committee of the Board of Directors or Senior Management.

Essential Duties/Responsibilities:

• Manage the effective and timely execution of IT internal audit projects as assigned by the NRG internal audit plan.
• Oversight and management of audit objectives, timelines, and schedules, and the creation of effective audit programs.
• Review and ensure adequate completion of audit work papers and memoranda, documenting audit tests and findings to effectively support the audit conclusions.
• Responsible for the completion of clear, concise, and proofed audit reports that are fully supported by complete, accurate auditor work papers.
• Perform IT SOX system scoping, control testing, and review, document work papers and issues, and coordinate with external auditors.
• Assist the Director in the management, supervision, training, and development of junior IT audit staff.
• Assist in audit department planning activities including testing schedule and staffing, budget preparation, risk assessment, and other IT audit-related duties as needed.
• Maintain a thorough understanding of IIA and ISACA professional auditing standards and best practice audit procedures and techniques.
• Proactively interact with all levels of management to gather information, resolve problems, and make recommendations for process and control improvements.
• Support and lead co-sourcing projects by coordinating information requirements and managing external auditors.
• Assist department with the management of data analytics, AuditBoard, post-audit surveys, department SharePoint, and system access.

• Hybrid working environment.
• Overtime may be required if needed due to the timing of special projects

Minimum Requirements:

• Bachelor's degree required, with information systems or computer science preferred, and five or more years of IT Audit or relevant experience.
• Must have extensive knowledge of IT general controls, cyber security, data privacy, NIST framework, PCI, SDLC, IT operations, and governance.
• Proficiency in Sarbanes-Oxley compliance, advanced security concepts, emerging technologies, system implementations, and project governance.
• Excellent, proven communication skills required, ability to work and communicate effectively with all levels of clients including technical and non-technical clients, as well as work with teams cross-functionally.
• Proven audit report writing skills with minimal rework.
• Strong analytical skills and ability to consider/develop alternative solutions and "think outside of the box."
• Proven ability to handle confidential and sensitive matters.
• Demonstrated ability to handle multiple assignments, meet deadlines, and work under pressure in a fast-paced environment.
• Motivated to work independently and complete responsibilities with little supervision yet work well and promote a team-oriented culture.
• Highly proficient with Microsoft Office applications, AuditBoard, and other auditing and data analytics tools.
• Demonstrated attention to detail; this is a working manager position.
• Demonstrated a high degree of ethics and a strong sense of business judgment, and able to operate within NRG's published core values.
• Certification relative to the practice of IT security or auditing in one or more of the following is required: CISA, CISSP, CISM, PMP.

Preferred Qualifications:

• Experience working within a NERC CIP, COBIT, ITIL and/or other leading business and IT controls frameworks.
• Demonstrable hands-on skills or knowledge in various technology areas such as Information Security Topics (Identity and Access Management, Authentication Services, DevSecOps, Encryption etc.), Operating Systems (UNIX/Linux, Windows), Cloud Technologies (AWS, Azure, etc.), Networking Technologies (Software Defined Networking, Firewalls, Proxies, Routing etc.), Database Systems (Oracle, SQL Server, etc.), Data Analytics technologies (PowerBI, Tableau, etc.), and Infrastructure (servers, containers etc.).

Additional Knowledge, Skills, and Abilities:

• Experience in application development, IT project management, system and database administration, web application design and development preferred.
• Experience working within a COSO / risk-based framework is preferred.