IT Internal Audit Senior

About The Position

Requirements

• Bachelor’s degree in a major or concentration relevant to the position, such as Accounting, Business Administration, Risk Management, Information Systems, Management Information Systems, Computer Information Systems, or a related field
• Four (4) years of experience in IT audit, IT risk and compliance, or external audit with a strong IT audit component.
• Experience testing IT General Controls (ITGC) and IT Application Controls (ITAC) in a SOX environment.
• Working knowledge of IT control frameworks including COBIT, COSO, NIST, and ISO 27001.
• Familiarity with ERP systems (SAP, Oracle, NetSuite, or similar) and how IT environments interface with financial reporting.
• Strong documentation skills; ability to write clear work papers, audit findings, and executive-level internal audit reports.
• Proficiency with audit/GRC tools (e.g., AuditBoard) and Microsoft Office Suite.
• Strong analytical mindset with excellent attention to detail and professional skepticism.
• Ability to clear required background check

Nice To Haves

• Master’s Degree/MBA
• Ability to analyze and solve problems relating to auditing, business processes, systems, and related disciplines
• Big 4 or large regional public accounting experience with an IT audit focus.
• Experience auditing cloud environments (AWS, Azure, GCP) and SaaS platforms.
• Exposure to cybersecurity auditing, vulnerability management, and/or third-party/vendor risk assessments.
• Experience with data analytics tools (ACL/Galvanize, IDEA, Power BI, Alteryx, or Python) applied to audit testing.
• Experience auditing a public company
• Strong organizational skills, with the ability to appropriately prioritize workload while showing resilience and calmness under pressure
• Effective communication skills, both oral and written
• Excellent interpersonal skills and high emotional intelligence
• Strong ability to take initiative
• Ability to foster a friendly and inclusive work environment for team members
• Demonstrated high level of integrity
• Familiarity with data analysis, systems, or technology-enabled processes is a plus
• CISA, CISSP, CIA (Preferred)

Responsibilities

• Plan and execute risk-based IT audits covering areas such as cybersecurity, cloud infrastructure, access management, change management, data governance, and IT operations.
• Conduct IT audit walkthroughs and interviews with IT process owners to document current-state processes and identify control gaps.
• Design and perform test procedures to evaluate the design and operating effectiveness of IT controls.
• Document audit work papers in accordance with internal methodology and professional standards (IIA, ISACA).
• Draft IT audit reports with clear findings, root cause analysis, risk ratings, and practical remediation recommendations.
• Monitor and validate the timely remediation of IT audit findings and management action plans.
• Lead and execute SOX ITGC testing across key control domains: logical access, change management, computer operations, and data backup/recovery.
• Perform IT Application Controls (ITAC) testing, including input, processing, and output controls for financially relevant applications and interfaces.
• Maintain and update IT SOX control documentation including Risk and Control Matrices (RCMs), process narratives, and flowcharts.
• Coordinate IT SOX testing activities with external auditors to maximize reliance on internal work and minimize duplication of effort.
• Assess and communicate the severity of identified control deficiencies (deficiency, significant deficiency, or material weakness) and support management in developing remediation plans.
• Support management's annual assessment of Internal Controls over Financial Reporting (ICFR) as it relates to IT systems.
• Coordinate co-sourced audit resources by assigning work, overseeing execution, and reviewing workpapers to ensure quality, consistency, and adherence to audit methodology.
• Partner with IT, Information Security, Finance, and business process owners to promote a strong internal control environment.
• Provide guidance and training to control owners on SOX IT requirements, testing expectations, and control best practices.
• Identify opportunities to leverage data analytics, automation, and continuous monitoring to enhance audit efficiency and coverage.
• Stay current on emerging IT risks, regulatory developments, and industry frameworks (COBIT, NIST, ISO 27001).

Benefits

• health benefits
• retirement contributions
• paid time off