The Senior IT Auditor is responsible for planning and executing IT audits, including SOX IT general controls (ITGCs), application controls, cybersecurity reviews, and IT operational audits. This individual will partner with IT, Finance, and business process owners to evaluate risks, ensure compliance, and recommend improvements to enhance IT governance and control effectiveness.
Responsibilities:
IT SOX Compliance
- Perform walkthroughs and testing of ITGCs (e.g., access controls, change management, computer operations, backups, and disaster recovery) to support SOX compliance.
- Evaluate automated application controls and their impact on financial reporting.
- Coordinate with external auditors to enable reliance on IT SOX testing performed by Internal Audit.
- Identify IT control deficiencies, assess risks, and partner with IT management to remediate gaps.
IT & Cybersecurity Audits
- Plan and execute risk-based audits of IT systems, infrastructure, and applications.
- Review cybersecurity controls, data protection practices, and incident response processes.
- Evaluate IT governance, system implementations, and project management practices.
- Assess compliance with policies, standards, and regulatory requirements related to IT and data security.
Operational & Advisory Support
- Contribute to the annual risk assessment process with a focus on technology and cybersecurity risks.
- Provide advisory support on IT initiatives, including system upgrades, ERP implementations, and emerging technologies.
- Recommend opportunities to improve IT efficiency, effectiveness, and security posture.
- Support investigations into IT-related incidents or control breaches as needed.
Reporting & Collaboration
- Prepare audit workpapers, reports, and presentations that clearly communicate risks, findings, and actionable recommendations.
- Work closely with IT leadership, Finance, and Operations to ensure audit results are understood and remediation plans are implemented.
- Present findings to senior management.
Qualifications & Competencies:
- Bachelor’s degree in Information Systems, Computer Science, Accounting Information Systems, or related field.
- Professional certifications strongly preferred (CISA, CISSP, CISM, CPA, or equivalent).
- 4–7 years of progressive IT audit, IT risk management, or IT compliance experience; experience in public companies or public accounting (Big 4 / national firm) a plus.
- Strong knowledge of ITGCs, SOX 404 requirements, COSO, COBIT, and NIST frameworks.
- Familiarity with cybersecurity concepts, cloud environments, ERP systems, and emerging technologies.
- Strong analytical, technical, and problem-solving skills with the ability to evaluate both IT and business risks.
- Excellent written and verbal communication skills; ability to simplify complex technical topics for non-technical stakeholders.
- Ability to manage multiple projects independently in a fast-paced, global environment.
