Description

Start: Early June 2026 (target)

Commitment: 20 hours/week

Duration: 12 months

One of Millenilink’s clients in the management consulting industry is seeking a part-time IT Auditor (Technology Risk / IT Audit) to support a client engagement focused on technology risk, IT controls, and audit support work. This is a long-term, part-time contract designed for a seasoned practitioner who can deliver high-quality work with minimal ramp-up.

What You’ll Do

  • Execute technology risk and IT audit workstreams in support of internal audit and technology risk programs.
  • Assess and document IT General Controls (ITGCs), including SOX-aligned control design and operating effectiveness.
  • Perform information security assessments and controls work aligned to frameworks such as NIST CSF and ISO 27001.
  • Evaluate SDLC and system implementation risks, including key process, controls, and governance considerations.
  • Support data conversion controls review and testing (planning, execution, documentation).
  • Provide risk-based recommendations and clear documentation suitable for audit and stakeholder review.
  • Collaborate with client stakeholders across audit teams and business/operations partners in a supportive, non-adversarial culture.

Required Experience & Qualifications

  • 4–5+ years of relevant experience in technology risk, IT audit, internal audit, or information security.
  • Demonstrated ITGC / SOX controls foundation (risk/control thinking, walkthroughs, testing, documentation).
  • Practical experience with information security controls and common security frameworks (NIST CSF, ISO 27001).
  • Experience assessing SDLC / systems implementation risks and controls.
  • Experience with data conversion controls (or adjacent implementation controls work).
  • Broad understanding of cloud security (high-level control domains, shared responsibility, common risk areas).
  • Combination of internal audit and information security background.
  • Consulting / Big Four experience
  • Ability to produce clear, audit-ready documentation and communicate findings to mixed technical/non-technical audiences.
  • Reliable availability and ability to commit to the full 12-month term.

Nice to Have Experience

Experience with legacy system risk management and end-of-life planning.