Director, IT Audit

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Systems, Accounting, Finance, or related field
• Technical certification (e.g., CISA, CPA, CIA)
• 10+ years of work experience in managing and/or assessing technology risk and controls
• Experience auditing CI/CD pipelines, DevOps environments, and emerging technologies, including governance, risk, and control considerations for AI/ML tools and applications
• Familiarity with COBIT, NIST, FAIR, or other governance/security/risk management frameworks
• Expertise and extensive experience with leading and performing SOX technology program design, control implementation, and monitoring of the SOX program
• Working experience with using AuditBoard to manage the audit and SOX lifecycle
• Strong communication skills, including presenting to senior audit, technology, and business leaders
• Strong supervisory and time management skills and experience in managing a staff of diverse professionals
• Demonstrated success managing concurrent workstreams/projects independently
• Domestic US travel can be up to 25% pending approved annual Corporate Audit Plan or organization needs

Nice To Haves

• Master’s degree
• Big 4 audit firm or equivalent audit experience
• Experience and knowledge of technology controls supporting the Media and Entertainment industry

Responsibilities

• In coordination with the broader Corporate Audit Risk Assessment, work to create the annual risk-based IT audit plan to address key technology risks within the business and leverage relationships with business partners and industry thought leaders to obtain input for the plan
• Oversee the execution of all phases of the audit fieldwork, supervising a team of internal and co-sourced professionals
• Review draft audit findings, and ensure issues are appropriately vetted and constructed
• Own development of IT audit reports, including timely presentation of results to Audit Leadership and Senior Management
• Work at a detailed level, but also communicate complex IT concepts into easy-to-understand discussion topics
• Evaluate the adequacy and timeliness of management's response and follow up on the corrective action taken on all audit findings noted in the reports
• Support with preparation of annual SOX risk assessment with an IT focus to identify technology risks impacting internal controls over financial reporting, identify related IT dependencies, and scope key systems, applications, and tools within the SOX program
• Collaborate cross-functionally to design leading-edge practices with a financial compliance mindset across several complex technology systems and processes, including ERP controls, comprehensive SDLC controls, and DevOps & continuous deployment
• Conduct and lead SOX IT walkthroughs across all systems, applications, and tools and work with system owners to ensure timely review and updates to the control documentation, including documentation of the key IT dependencies (reports, automated controls, interfaces)
• Work closely with IT and engineering leaders in providing internal control guidance in the development and enhancement of technology processes and controls
• Build strong relationships with senior business leaders as a trusted business partner to provide subject matter insight into IT internal controls and risks
• Monitor and assess emerging technology risks with the growth and evolution of the business and develop plans to implement appropriate controls to address these emerging risks
• Provide reporting to technology and other business leaders on IT SOX program status, health, and effectiveness of the technology control environment
• Maintain a strong knowledge of overall business issues. Understand the company structure and functional responsibility
• Assess IT control efficiency and effectiveness of a business unit and align with the company-wide strategy and objectives
• Liaison with the external auditors in responding to any issues on a timely basis and coordinating audit/review procedures as required
• Coordinate the SOX Quality Review program managed by the Senior Director of Internal Controls to ensure external audit reliance
• Develop and maintain the management SOX IT Playbook for IT SOX Implementation & Testing Strategy
• Monitoring the status of 3rd party SOC reporting and management review process in collaboration with the Senior Director of Internal Controls

Benefits

• This role is also eligible for an annual discretionary bonus, various benefits, including medical/dental/vision, insurance, a 401(k) plan, paid time off, and other benefits in accordance with applicable plan documents.