Advisor, Internal Audit, IT

About The Position

Requirements

• Bachelor’s degree in Computer Science or Information Systems is required.
• CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control) or CISSP (Certified Information Systems Security Professional) designation is required.
• 6+ years of applicable experience in IT audit, information security, or IT risk management, preferably within a global manufacturing environment.
• Detailed knowledge and testing experience with IT general controls (“ITGCs”) across all layers of technology to include the application, operating system, and database.
• Proven track record of managing or supporting IT audits and providing recommendations to senior leadership.
• Advanced IT Control Knowledge: Deep expertise in IT General Controls (ITGC) related to logical/physical security, change management, business continuity, and network layers.
• Technical Infrastructure Knowledge: Strong understanding of complex IT infrastructures, including cloud-based solutions (Google Cloud, Azure, and AWS platforms) and networking (firewalls, routers, active directory).
• Information Security Expertise: Expert knowledge of security standards (ISO-27000 series), frameworks (COBIT, NIST, COSO), and the current enterprise threat landscape as it relates to global manufacturing.
• ERP Proficiency: Strong experience auditing SAP or similar integrated business applications and their interfaces.
• Analytical Problem Solving: Ability to evaluate diverse factors and build business cases to provide high-impact recommendations to senior leadership.
• Communication & Diplomacy: Exceptional ability to communicate findings to "busy" auditees and management with tact, ensuring a collaborative approach to remediation.

Responsibilities

• Lead and conduct comprehensive IT audits and reviews of systems, applications, and IT processes, including complex audits for new acquisitions and emerging technologies.
• Conduct IT security audits across applications (ERP/SAP, Shop-floor, Quality systems), networks, operating systems, and databases, evaluating security vulnerabilities and coordinating audit scopes.
• Provide expert guidance to IT management on IT risk management, particularly regarding application and infrastructure security, and design risk and control matrices.
• Perform and review SOX effectiveness testing of IT key controls, including IT General Controls (ITGC), application controls, and key reports.
• Lead pre- and post-implementation reviews of major system enhancements or new global deployments to ensure control integrity.
• Interface with senior managers on IT expertise areas, coordinate action plans with management, and lead follow-up activities for deficiency resolution.
• Participate in the formulation of the annual audit plan, defining scope, purpose, and objectives of IT-specific audits, and act as a liaison to outsourced and external auditors.
• Interact with and influence management on significant IT and security issues, ensuring cost-effective solutions for improved controls and business operations.