The Senior IT Auditor is responsible for leading standard information technology (IT) audits and participating in other audit-related activities, with limited supervision. This role will also perform IT control testing and workpaper review for complex technology and cyber security audits and IT SOX controls. This individual will partner with financial and operational auditors to assess both IT and operational controls, including those related to projects, which cover new system implementations, system upgrades, and system replatforms.
This role will work closely with the Company's external auditors to support efficiency in the Company's external financial statement audit. This role may supervise other internal audit team members or interns and be responsible for first level audit workpaper review, providing feedback and coaching accordingly.
SOX Technology Control Testing (45%)
Participate in the annual SOX risk assessment, mapping IT assets and technologies to key financial processes and controls.
Design tests of controls used to evaluate the operating effectiveness of IT General Controls within SOX scope.
Support technology internal control evaluation and substantive testing for the financial statement audit
Technology Audit (45%)
Independently execute the full lifecycle of standard technology audits, including planning, scoping, risk assessment, control identification and testing, issues management, and reporting.
Participate in complex technology audits and cross-functional operational audits with other Internal Audit team members, performing testing and issues management.
Periodically supervise more junior staff in executing tests of controls and detail review the workpapers of others.
Develop new testing methods to advance internal audit testing, including through the use of analytics and automation.
Participate in annual IT risk assessment activities to build and refine the broad IT audit universe and facilitate maintaining a multi-year technology audit plan.
Other Duties (10%)
Participate in the continuous improvement of the Internal Audit Department, including providing training and feedback related to audit activities.
Potential direct supervision of 1 intern.
Support company-wide initiatives, such as sustainability practices, enterprise risk management programs, and other projects at the Company (M&A, etc.), This role will be viewed as a subject matter expert and need to manage the expectations of a broad and complex mix of audit stakeholders.
Bachelor's Degree in relevant discipline required (e.g. Accounting, Business Administration, Finance, Information Technology, or equivalent)
CISA, CPA, CIA, CFE, CRISC, or other relevant audit or risk management certification, obtained or actively pursuing
3+ years of experience in 1 or more of the following: internal or external audit, IT risk management, Information Security, IT Compliance, Privacy, or IT controls (ex. change management, access controls, incident management, etc.)
Experience translating complex concepts (business and technical) into levels appropriate for diverse audiences
Experience developing and presenting materials to management
Experience with data analytics or robotic process automation
Understanding of risk-based auditing and applying various IT audit frameworks to design audit or control programs
Experience participating in full lifecycle technology audits from planning through reporting
Experience participating in the systems development lifecycle, providing guidance on the implementation of sound IT general and data protection controls
Understanding of business process controls
Experience in process improvements & control efficiency evaluations, including for SOX