Certified Information Systems Auditor

About The Position

Requirements

• Lead and execute comprehensive IT audits, including integrated audits, focusing on general IT controls, application controls, and security across various systems
• Develop and execute audit programs tailored to the organization’s transition from legacy platforms, such as SAP ECC, to a modern platform, such as SAP S/4 HANA
• Manage and perform Identity and Access Management (IAM) audits, reviewing provisioning, de-provisioning, role management, privileged access, and segregation of duties (SoD) to ensure compliance and security
• Conduct pre-implementation and post-implementation consultation and reviews of major software applications to identify control gaps and operational risks before go-live
• Analyze and evaluate IT risks within business processes, providing practical recommendations for remediation and control improvement
• Prepare detailed, well-written audit reports and present findings to management, clearly articulating risks and their potential impact
• Act as a subject matter expert and developer of tools, reports, and automations associated Internal Audit’s needs
• Stay current with industry trends, regulatory changes, and emerging technologies, including Artificial Intelligence (AI), to assess potential impact on the organization's control environment
• Strong interpersonal skills and a collaborative mindset to work effectively with auditees and management
• Minimum: High school diploma or GED
• A minimum of 5 years of progressive experience in IT auditing, internal audit, or risk management
• Active and current Certified Internal Auditor (CIA) certification, Certified Information Systems Auditor (CISA) certification, Certified in Risk and Information Systems Control (CRISC) certification, Certified Information Security Manager (CISM) cetficiation, Certified Information Systems Security Professional (CISSP) certification, required

Nice To Haves

• Preferred: Bachelor’s degree - from accredited university - Technology, Accounting, Business Administartion, IT, Information Systems or related field
• Preferred: Other - Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP)
• Prior experience in the upstream oil and gas (O&G) sector, understanding industry-specific processes and regulatory requirements, preferred
• Strong working knowledge of Cybersecurity concepts, frameworks (e.g., NIST, ISO 27001), and security controls
• Familiarity with risks and controls related to Artificial Intelligence (AI) and its governance
• Experience with SAP S/4HANA
• Deep, demonstrable experience auditing a mature, complex ERP system (e.g., SAP ECC, Oracle Financials/EBS, or similar enterprise platform), including knowledge of its architecture, security model, and key business processes
• Extensive experience conducting audits of Identity and Access Management (IAM) systems and frameworks
• Experience using and/or auditing cloud-based data analytics platforms (e.g., Power BI, Snowflake, Tableau, Databricks). This includes auditing data governance, ETL/ELT controls, access security, and data integrity within the data warehouse and BI tool ecosystem
• Exceptional written and verbal communication skills, including the ability to communicate complex technical issues to a non-technical audience
• Proven ability to lead projects, work independently, and manage multiple priorities simultaneously
• Comfort and experience in forming relationships with key individuals across the enterprise to better understand their needs and how Internal Audit might help

Responsibilities

• Provides input into the development of the annual risk assessment and provides recommendations on the Annual Audit Plan
• Plans and executes audit engagements or other testing relating to SOX, Operational, or other consulting and audit engagements
• Serves as 1st or 2nd level reviewer of audit engagements
• Prepares timely audit reports for executive management, the Audit Committee and the Board of Directors and act as the primary client liaison within Internal Audit for one or more VPs / division heads
• Researches new or technical subjects to support audits and proactively seeks relevant continuing education and training opportunities
• Provides feedback on performance of audit assignments, and trains / mentors lower-level auditors as needed
• Performs other duties as assigned