Job Title

Audit (IT) Manager Job ID: 15352 Business Unit: MTA Headquarters Location: New York, NY, United States Regular/Temporary: Regular Department: Audit Services Date Posted: Apr 21, 2026 Description JOB TITLE: Audit (IT) Manager DEPT/DIV: Audit Services SUPERVISOR: Assistant Auditor General WORK LOCATION: 2 Broadway, New York, NY 10004 HOURS OF WORK: 9:00 am - 5:30 pm (7.5 hours/day) or as required FULL/PART-TIME FULL SALARY: $ 125,053 DEADLINE: Until filled This position is eligible for telework, which is currently one day per week. New hires are eligible to apply 30 days after their effective date of hire. Opening: The Metropolitan Transportation Authority is North America's largest transportation network, serving a population of 15.3 million people across a 5,000-square-mile travel area surrounding New York City, Long Island, southeastern New York State, and Connecticut. The MTA network comprises the nationu2019s largest bus fleet and more subway and commuter rail cars than all other U.S. transit systems combined. MTA strives to provide a safe and reliable commute, excellent customer service, and rewarding opportunities. Job Summary : Lead Risk-Based IT Audits. Plan and execute IT audits covering general controls, application controls, cybersecurity, cloud (IaaS/PaaS/SaaS), identity and access management, network and endpoint security, databases, and data governance. Assisting and supporting the Director/Assistant Auditor General in the performance of their duties, and in the absence of the Director, will act on the Director's behalf in all matters related to that unit's activities. Also, coaching, counseling, advising, and assisting in the professional development of audit staff, as required. Responsibilities: + Lead Risk-Based IT Audits: Plan and execute IT audits covering general controls, application controls, cybersecurity, cloud (IaaS/PaaS/SaaS), identity and access management, network and endpoint security, databases, and data governance. Assisting and supporting the Director/Assistant Auditor General in the performance of their duties, and in the absence of the Director, will act on the Directoru2019s behalf in all matters related to that unitu2019s activities. Also, coaching, counseling, advising, and assisting in the professional development of audit staff, as required. + Audit Planning & Scoping: Develop risk-based engagement-level audit plans, define objectives and scope, perform preliminary risk assessments, and establish detailed testing programs. + Control Testing & Analytics: Design and perform control tests using appropriate sampling and data analytics (e.g., ACL, IDEA, SQL, Python) to increase coverage, depth, and efficiency. + Frameworks & Compliance: Assess control maturity against NIST, COBIT, ISO 27001, ITIL, and relevant regulatory requirements (e.g., SOX where applicable, privacy/security mandates). + Cloud & ERP Focus: Evaluate controls in major systems (e.g., AWS/Azure, enterprise applications/ERPs), including change management, configuration, interfaces, and data integrity. + Cyber & Third-Party Risk: Perform audits of cybersecurity controls, incident response, vulnerability/patch management, and third-party/vendor risk, including contractually required controls and service level compliance. + Issue Management: Identify root causes, quantify impact, recommend pragmatic remediation, and track management action plans to timely closure; escalate risks appropriately. + Reporting & Communication: Draft clear, concise audit reports; present findings and recommendations to IT and business leaders; prepare materials for senior management and Board-level committees as requested. + Stakeholder Engagement: Build collaborative relationships with key stakeholders from Information Technology, Legal, and other agency leadership; translate complex technical issues into business terms and actionable steps. + Quality & Standards: Ensure audits comply with the IIAu2019s International Professional Practices Framework (IPPF) and internal methodologies; and, contribute to methodology updates and audit tool optimization. + Team Leadership: Supervise auditors; provide coaching, on the job training, performance feedback, and professional development; foster a culture of integrity, curiosity, and continuous improvement. + Continuous Auditing/Monitoring: Implement continuous auditing/monitoring and data-driven risk indicators to proactively detect anomalies and emerging risks. + Performs other duties as assigned + Complies with all policies and standards + May be required to work hours outside regular work hours, as applicable + Observes the work performed by contractors, as applicable + Reviews invoices and approves them if the work meets contractual standards, as applicable + Addresses performance issues with the contractor when possible, as applicable + Escalates issues to other parties when needed, as applicable Required Knowledge/Skills/Abilities: + Demonstrated ability to work with all levels of the organization . + Excellent analytical and business judgment skills . + Proven ability to manage multiple projects simultaneously in a fast-paced environment. + Understanding of professional audit practices, including audit program and workpaper development . + Excellent communication and interpersonal skills. Required Education and Experience: + Bacheloru2019s Degree in Arts/Sciences (BA/BS) Accounting, Business Administration, Computer Science, Information Technology, or a related field; an equivalent combination of education and experience may be considered in lieu of a degree . + Minimum 8 years Satisfactory full-time experience conducting IT audits in internal audit, public accounting/consulting, or satisfactory full-time experience conducting IT audits in internal audit, public accounting, or a similar role within a complex organization. The Following is/are preferred: + Strong knowledge of IT general controls, application controls, cybersecurity practices, and industry frameworks (NIST, COBIT, ISO 2700, ITIL) . + Minimum 1 year of Prior information technology or computer systems experience . + Minimum 1 year of Supervisory/lead experience managing audit projects and mentoring staff . + CIA, CISA, or CPA, and supervisory/lead experience managing audit projects and mentoring staff within 1 Year Other Information May need to work outside of normal work hours (i.e., evenings and weekends) Travel may be required to other MTA locations or other external sites. According to the New York State Public Officers Law & the MTA Code of Ethics, all employees who hold a policymaking position must file an Annual Statement of Financial Disclosure (FDS) with the NYS Commission on Ethics and Lobbying in Government (the u201cCommissionu201d). Equal Employment Opportunity MTA and its subsidiary and affiliated agencies are Equal Opportunity Employers, including those concerning veteran status and individuals with disabilities. The MTA encourages qualified applicants from diverse backgrounds, experiences, and abilities, including military service members, to apply.