
Description
Company Overview:
General Summary:
Leading and conducting complex IT, system security, operational, compliance, and Sarbanes-Oxley audits including preliminary planning of an audit's scope and execution, preparing and interpreting work papers, proposing value-added recommendations based upon research and analysis of results, drafting final deliverables, reviewing the results with Internal Audit management and conducting follow-up work for assigned management action plans. Assists less experienced auditors and directs their work as necessary.
Job Details:Duties & Responsibilities:
- Manage and/or execute Sarbanes Oxley control testing, process walkthroughs, and year- end testing to meet deadlines established by management and the external auditors.
- Identify risks, controls, and gaps within the Company's processes or systems. 10%
- Develop audit programs that proactively address organizational risks and align with the strategic priorities of leadership. 15%
- Lead in-depth IT and integrated audits by evaluating applications, system operations, and supporting infrastructure through the full audit life cycle from planning through fieldwork execution and reporting. 35%
- Manage the management action plan oversight process. 10%
- Build and maintain strong relationships with stakeholders across the organization to foster effective collaboration and communication. 5%
- Provide guidance and support to team members, helping them navigate complex audit scenarios and develop their skills.
- Mentor and develop a team of auditors, fostering a culture of continuous learning, professional growth, and high performance. 5%
- Keep current on evolving technologies in the areas of auditing, information security & technology, business & organization initiatives, and maintain professional certifications.
Knowledge, Skills and Abilities (KSAs):
- Clear understanding of IT and financial risks as well as their impact on the business from both technical and procedural perspectives.
- Strong understanding of general IT controls, application controls, security controls, and well- known IT security frameworks (e.g. COBIT, ISO 27000, NIST SP 800, etc.).
- Knowledge of regulatory requirements related to general IT controls and security such as privacy, Sarbanes-Oxley, PCI, and HIPAA.
- Experience working independently as well as collaboratively across teams.
Attention to detail and the ability to provide innovative insights and creative solutions.
Ability to thrive in an environment were giving and receiving feedback is an expectation and norm.
- Proven ability to develop and mentor team members, fostering a culture of growth and collaboration.
- Strong leadership, critical thinking, analysis, and problem-solving skills.
- Established experience with auditing network devices (e.g., IDS/IPS, firewalls, VPN, etc.), server platforms (e.g., Windows, Linux, AS 400, etc.), database platforms (e.g., Oracle, SQL, etc.), and security controls.
- Experience with MS Office applications and other data analysis tools such as ACL, Access or other SQL-based tool(s).
- Ability to analyze data sets and/or use technology to increase efficiency such as automating manual or repetitive activities.
- Be able to travel when necessary.
Work Experience &/or Education:
- Bachelor's degree in an engineering/technology related area of concentration like Information Technology, Engineering Technology, Computer Science, Data Science, Management Information System, etc.).
- Minimum of five years of related experience (including IT operational auditing, process improvement assessments, SOX, and/or compliance projects) is required.
- Advanced degree and CISA, CISSP, or equivalent certification (or progress toward) preferred, but not required.
Apply on company website