➽ Be the main point of contact for IT and assist all internal and external audit teams where IT
inquiry is required.
➽ Monitor activities of assigned IT areas to ensure compliance with internal policies and procedures
including monthly, quarterly, and annual account and activity reviews.
➽ Assist in supporting current and future compliance related responsibilities (SOX, SOC2, ISO,
SEC, etc.)
➽ Gather evidence required for internal and external audits.
➽ Develop IT General Control procedures and policies. Provide guidance in implementing ITGC
controls.
➽ Review, analyze, and interpret controls for design and operational effectiveness to determine
adherence to regulatory, contractual, and corporate policies and standards.
➽ Ability to manage Sarbanes-Oxley IT General Control testing and certification requests from
Internal and External Auditors.
➽ Identifies, quantifies, tracks, and leads mitigation of risks and control exceptions and
communicates results to department leadership. Supports and interprets information
provided by Internal/External Audit for relevant compliance concerns.
➽ Make broad recommendations on improving compliance related processes and/or
procedures as they pertain to the IT department.
➽ Partner with management, business teams, and/or data team to implement solutions.
Requirements
➽ BA/BS in a business related field and/or equivalent years of education and experience working in
a related field.
➽ 3-5 years of experience in Information Technology or Information Security. Big 4 auditing
experience is a plus.
➽ Identity Access Management tool/RBAC experience a plus.
➽ Experience testing controls and documenting those tests as they relate to frameworks
such as COSO, COBIT, NIST Cyber Security Framework, and/or ISO 27001.
➽ Familiarity with common compliance standards (SOX, SOC2, PCI-DSS, GDPR, etc.) and
experience working directly with internal or external auditors for at least one of the
listed standards (previous external audit experience a plus).
➽ Excellent interpersonal, verbal, and written communication skills with the ability to communicate
compliance related concepts to a broad range of technical and non-technical staff.
➽ Successful experience working, collaborating, and establishing credibility and relationships with
senior leadership, colleagues, and clients.
➽ Demonstrated success working with internal audit, external auditors, outside consultants, and
legal affairs.
Preferred
➽ Certified Information Systems Auditor (CISA) and/or Certified Information Systems Security
Professional (CISSP) preferred.