Senior Assistant Vice President, IT Audit

The Sr. AVP – IT Audit provides strategic leadership and oversight of the IT Audit function within an insurance and financial services environment. This role is responsible for assessing the effectiveness of technology controls, cybersecurity, data governance, and system resiliency across core insurance platforms and financial systems. The position serves as a trusted advisor to executive management, the Audit Committee, and regulators, ensuring compliance with regulatory requirements and alignment with business objectives.

Leadership & Strategy

  • Lead and oversee enterprise-wide IT audit strategy, risk assessment, and annual audit planning for insurance and financial services operations.
  • Manage and mentor IT audit managers and staff, fostering a high-performance and continuous-improvement culture.
  • Act as a strategic partner to business, technology, compliance, and risk leadership teams.

Audit Execution & Oversight

  • Direct audits covering:
    • Core insurance systems (policy administration, claims, underwriting, billing)
    • Financial systems (GL, ERP, reporting platforms)
    • Cybersecurity, IAM, data privacy, cloud, and infrastructure
    • Application development, change management, and SDLC controls
  • Ensure audits are risk-based, data-driven, and aligned with regulatory expectations and industry best practices (COSO, COBIT, NIST, ISO).
  • Review and approve audit scopes, testing approaches, findings, and final reports.

Regulatory & Compliance

  • Ensure compliance with relevant regulatory frameworks, including:
    • SOX (ITGCs & automated controls)
    • NAIC Model Audit Rule
    • NYDFS Cybersecurity Regulation (23 NYCRR 500)
    • SOC 1 / SOC 2, PCI DSS, GDPR (as applicable)
  • Support regulatory examinations and external audits; act as primary IT audit liaison with regulators and external auditors.

Risk Management & Advisory

  • Identify emerging technology and cyber risks impacting insurance and financial services operations.
  • Provide advisory services on major initiatives (system implementations, cloud migrations, M&A integrations, automation, AI).
  • Monitor remediation of audit issues and report on risk trends to senior leadership and the Audit Committee.

Governance & Reporting

  • Prepare executive-level reporting for senior management and the Audit Committee, including audit results, risk assessments, and key metrics.
  • Contribute to enterprise risk management (ERM) initiatives and technology risk governance forums.

Education

  • Bachelor’s degree in Information Systems, Computer Science, Accounting, Finance, or related field (required)
  • Master’s degree (MBA, MIS, or equivalent) preferred

Experience

  • 12+ years of progressive experience in IT audit, technology risk, or cybersecurity
  • 5+ years in a senior leadership or management role within insurance or financial services
  • Strong experience with insurance platforms and financial systems in a regulated environment

Certifications (Preferred)

  • CISA, CISSP, CRISC, CIA, CPA, or equivalent

Key Skills & Competencies

  • Deep knowledge of IT controls, cybersecurity, and regulatory compliance in insurance/financial services
  • Strong leadership, stakeholder management, and executive communication skills
  • Ability to translate complex technical risks into clear business impact
  • Experience with audit analytics, automation, and continuous monitoring
  • High integrity, sound judgment, and independence of thought
