IT Audit Manager
Description:
Overview:
Join our dynamic technology team as an experienced IT Audit Manager. In this pivotal role, you will lead critical audits focused on SOX compliance, system integration risks, and IT controls. You will manage a team of full-time and seasonal auditors to execute the annual audit plan crafted by the Director of Audit, ensuring that IT general controls (ITGCs), application controls, and cybersecurity risks are thoroughly evaluated.
Responsibilities:
SOX Compliance & IT Controls:
Oversee ITGC SOX 404 audits, ensuring management compliance with regulations and company policies. Assess ITGCs and automated controls, identify gaps, and partner with IT management on remediation plans. Collaborate with IT and business teams to monitor user access controls, change management, and data integrity.
System Integration & UAT Risk Management:
Facilitate audits of the Secure System Development Lifecycle (SSDLC). Evaluate risks tied to system implementations and integrations, ensuring adherence to control frameworks. Audit UAT processes for major changes and validate management’s risk mitigation processes.
Risk Assessment & Audit Execution:
Conduct IT risk assessments identifying emerging technology risks, including cybersecurity and regulatory compliance. Lead audits from planning to reporting, ensuring a risk-based approach that delivers valuable insights.
Collaboration & Advisory Role:
Serve as a trusted advisor to IT and business leadership, offering insights into IT governance and compliance best practices. Collaborate with project teams to integrate audit considerations early in system development.
Qualifications:
Bachelor's degree in Information Technology, Accounting, Business Intelligence & Analytics, or Computer Science; MBA preferred.
6 - 8 years of experience in a publicly traded company or Big 4 accounting firm.
Strong grasp of SOX 404 requirements, ITGCs, application controls, and COSO/COBIT frameworks.
Experience with system implementation reviews, UAT, and change management.
Familiarity with ERP systems (e.g., Oracle), cloud computing risks, and cybersecurity frameworks (NIST, ISO 27001).
Relevant certifications preferred (CISA, CISSP, CPA, or CIA).
Excellent communication and stakeholder management skills, able to influence and drive change.
Willingness to travel up to 20% of the time.