Exelon Senior IT Auditor in BALTIMORE, Maryland

At Exelon, we've got a place for you Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce. Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits. Join Exelon and share your passion at a forward-thinking Fortune 150 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow.

Join our Exelon Business Services Company (BSC) to be part of a diverse and inclusive team that provides best-in-class professional services and adds exceptional value to Exelon’s family of companies. We provide financial, human resource, legal, information technology, supply management, communications, and corporate governance services.

Energize your career at Exelon!


Under the guidance and oversight of the Manager or Senior Manager, the Senior IT Auditor is a subject matter resource on IT risk areas, including cyber security, IT service delivery (Project Management, ITIL, Agile), infrastructure, architecture and cloud technology. The Senior IT Auditor leads assurance and compliance engagements, using the integrated DARE Engagement Framework to provide risk-informed insights and value-oriented recommendations to enhance the efficiency and effectiveness of processes and the control environment. Audit engagements include assurance and compliance work involving information technology (IT), security, system implementations and process transformations.


  • Lead the planning and execution of audit engagements in accordance with the DARE Framework (i.e. Define, Assess, Report and Enable).

o Define - Gain an understanding of the area under review to define specific engagement objective and scope utilizing various resources to identify relevant risks; e.g. background research, data analysis, client discussions, alignment with ERM/Compliance.

o Assess - Execute engagement plans to provide assurance, offer insights and recommend improvement opportunities. Complete required procedures (e.g. interviews, examine documentation, data analysis, targeted testing, and others).

o Report – Communicate results of engagements in a clear, concise manner while providing value-added insights, visualizations, and lessons learned to further improve the overall strength of the control environment and to help management meet stated objectives.

o Enable – Support business efforts to mitigate risks or address improvement opportunities as needed.

  • Contribute to department initiatives to elevate EAS team capabilities in Cyber security and IT risks. This includes development of risk considerations in cyber security, IT service delivery, IT infrastructure, architecture and cloud technologies.

  • Manage, monitor, and report on engagement progress (e.g. task completion, potential issues, items requiring escalation).

  • Supervise audit staff by providing guidance on audit procedures, reviewing work papers, providing timely feedback for continuous improvement and learning.

  • Validate completion of remediation actions from engagement reports (e.g. Test of design/operating effectiveness)

  • Identify continuous improvement opportunities in all aspects of the role (e.g. increase use of data analytics, automated testing, administrative tasks).




  • Undergraduate degree in Computer Science, Accounting, Engineering, Business or equivalent degree

  • Five to eight years experience in an IT or Security Audit/Advisory position or related field


  • At least 3-5 years experience in IT audit and cybersecurity using standard control frameworks (e.g. CoBIT, NIST, others)

  • Experience with audit/data analytics tools (e.g. TeamMate, SOXHub, Microsoft PowerBI)

  • Analytical Capability – Applies critical thinking and intellectual curiosity to solve complex problems by leveraging various tools and techniques

  • Risk and Controls – Demonstrates ability to identify, assess and mitigate risk to strengthen the control environment

  • Project Management – Ability to prioritize multiple activities /requirements and clearly report status

  • Advanced knowledge of operating systems (e.g. UNIX, Windows), databases (e.g. SQL Server, Oracle) and computing environments (e.g. mainframe, client/server, cloud-computing)

  • Strong understanding of business continuity and IT security concepts

  • Proficient with Office365 (Word, Excel, Visio, Planner, Teams)


  • Strong written and oral communication skills.

  • Courage to do the right thing for colleagues, customers, and the organization

  • Inclusive behavior in day to day conduct

  • Adapts to changing needs within the engagement and the department.

  • Promotes innovation within engagements or internal tasks

  • Leads, coaches, & engages team members

  • Ability and willingness to travel (20-25%)



  • Advanced/Graduate degree

  • Professional accreditation, e.g. CIA, CPA, CISA, CISSP, PMP


  • Hands on experience in any of the following areas: cyber security risk management, IT project management, IT service delivery (ITIL), Agile systems development, digitalization, IT infrastructure, systems architecture and cloud technology, data analytics and robotics process automation.

  • Experience with audit/data analytics tools (e.g. TeamMate, SOXHub, Microsoft PowerBI)

  • Energy Industry Experience


  • Level and depth of supervisory duties – Project-specific supervision of assigned staff.

  • Budget accountability, impact on asset management, and organization revenue - None

  • Level of independence, decision-making authority or strategic planning accountability – Limited to project needs

  • Internal and external contact relationships – Various internal stakeholders and external co-sourced consultants (based on project)

Job Accounting & Finance

Organization: BSC Audit and Controls

Title: Senior IT Auditor

Location: IL-CHICAGO


Requisition ID: 210505