Purpose and Importance of Position Under the general direction of the VP/Leader of Corporate Audit Services, the Corporate IT Audit Specialist will report to and support the Corporate Audit Services (CAS) Manager in deploying an integrated audit process. As CAS co-sources with a third-party Technology Risk Advisory team for IT risk and audit expertise, this role will engage directly with Technology Risk Advisory management on all IT-related projects. This role is crucial due to the heavy reliance on the integrity of digitally stored data, as well as the availability and reliability of applications and infrastructure systems in business processes. Additionally, this role supports CAS’ data analytics and automation initiatives to extract meaningful insights to enhance audit procedures and the value of audit deliverables. Essential Functions Evaluate the design and adequacy of Business Process, IT General and Application Controls, as well as other operational controls around the IT infrastructure, applications, and Cybersecurity protocols. Execute risk-based audit procedures for IT and Business Process controls in accordance with Sarbanes-Oxley (SOX) requirements. Investigate and address complex issues and control deficiencies, collaborating with responsible management to develop effective solutions/action plans. Provide technology-related guidance to CAS team members to progressively increase team knowledge of IT auditing concepts and techniques. Leverage technology and automation/data analytics tools to extract meaningful insights and streamline audit procedures with increased audit coverage and efficiencies. Conduct IT risk assessments and advisory engagements for new systems or upgrades, changes in processes and operations, data migrations, etc., and advise management on appropriate risks and control requirements. Build and maintain strong relationships with IT business partners across the company – be recognized as a trusted partner and advisor providing quality insight regarding IT risks and controls. Utilize the AuditBoard Connected Risk GRC solution to maintain and govern IT-related risks and controls, in addition to supporting CAS’ role as gatekeeper of RiverStone’s risk register and control matrix. Leverage automation/data analytics tools to enhance audit work (i.e., Alteryx, SQL). Experience 1 to 3 years of internal/external IT audit, Technology/IT operational risk management Strong technical experience with Excel and Microsoft applications for analytics and presentation Demonstrated experience supporting IT risk and audit projects across multiple business lines, including assessment of IT risks and the design and adequacy of mitigating controls Working knowledge and experience with IT operations, cybersecurity principles, and emerging technologies including cloud-based applications and agile software development Familiarity with the regulatory environment and how technology risks are viewed Experience in the financial or insurance sector a plus Required Education Bachelor’s Degree in Information Technology or Business fields with an interest in Computer Information Systems or Management Information Systems, equivalent work experience Preferred Education or Certification Certification(s) – Certified Information Systems Auditor (CISA); Certified Internal Auditor (CIA); Certified in Risk and Information Systems Control (CRISC); Associate in Insurance Data Analytics (AIDA); AuditBoard Certifications – desired but not required. Candidate will have the ability to commit to obtaining a professional certification within 12 months of hire date. Travel Minimal. Examples may include occasional site visits to US Runoff locations, or Fairfax affiliates, as well as external training opportunities. Work Environment / Physical Demands This position operates in a professional, collaborative environment and must have the ability to timely produce thorough, accurate work with many competing demands, deadlines, and distractions. The position uses standard equipment such as phones, computers, copiers/printers and filing cabinets. Noise level is moderate. Other Duties (Disclaimer Statement) RiverStone retains the right to change or assign other duties to this position as needed, or other duties or responsibilities may change or be assigned as needed. Diversity, Equity, Inclusion & Belonging RiverStone Resources, LLC is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, LGBTQ, national origin, gender identity, disability, protected veteran status, or any other characteristic protected by law.