Sr. Auditor, IT Internal Audit

About The Position

Requirements

• Genuinely inquisitive, leveraging the right questions and tools to absorb and analyze facts, identify problems, and recommend improvements.
• Organized, with a knack for planning and execution, from initial identification of objectives to structuring a work plan for execution, enabling management of multiple projects concurrently to meet deadlines and deliver on customer commitments.
• Communicate clearly and effectively – both in written and verbal scenarios, to effectively convey messages, showcase subject matter expertise, and drive consensus in decision-making.
• Model and encourage teamwork, inclusion, and diverse viewpoints, motivating and persuading others (including associates in Audit Services and business partners across the organization), even without authority.
• Bachelors degree, preferably in Computer Science, Accounting Information Systems, Accounting/Finance, or other related business field.
• 4+ years of information systems auditing experience or other relevant work experience in an IT internal audit or other IT risk/compliance/consulting function.
• Detailed knowledge and testing experience with IT general controls (“ITGCs”) across all layers of technology to include the application, operating system, and database.
• Understanding of traditional and emerging technology domains, including cybersecurity, cloud, artificial intelligence, infrastructure, networking, data warehouses, integration strategies, IT operations, IT risk management, and IT governance.
• Technical skills and capabilities to support audits of complex technology areas and a desire to learn and develop knowledge of CarMax’s technology suite, tools etc. (e.g. ERPs, custom applications, security and coding tools, SQL scripting, database structure design, robotic process automation).
• Prior experience performing risk assessments, scoping activities, test planning, and walkthroughs in support of IT audit projects.
• Prior experience assessing the design and operating effectiveness of technology controls, including testing complex ITGCs across a variety of technologies/systems.
• Prior experience testing configurable and automated controls in support of business and technology processes.
• Prior experience testing completeness and accuracy of reports and integrations.
• Prior experience evaluating processes to identify controls and the associated system dependencies.
• Prior experience performing system development and implementation reviews, including experience with Agile methodologies.

Nice To Haves

• SOX 404 Experience.
• Experience with tools and technologies to facilitate fieldwork and data analysis (SQL, Alteryx, Python, etc.).
• Use of robotic process automation (RPA) and artificial intelligence (AI) to enhance audit efficiency, improve risk detection, and deliver actionable insights.
• Retail industry and/ or financial services knowledge; preferably within a publicly held company.
• Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC).

Responsibilities

• Perform and lead audits and reviews of various regulatory, operational and/or technological processes and controls, including integrated audits and the annual SOX IT audit.
• Consult with a risk-based mindset to provide guidance and assurance in pre-implementation reviews, company initiatives, and other process and system enhancements as requested by the business; ensure controls are implemented to mitigate risks (operational, regulatory, reputational, strategic, and financial risk).
• Use and develop critical tools such as risk assessments, audit programs, and testing/review procedures to identify risk, tailor work appropriately, reach conclusions, and explore solutions.
• Lead and execute fieldwork to prepare high-quality workpapers summarizing procedures performed.
• Maintain strong business relationships and coordinate cross-functionality to align on risk, scope of work and results.
• Promote innovative and forward-looking problem solving to target root cause; provide recommendations contributing to operational excellence.
• Leverage creativity to organize and present key project information through a variety of communication methods and tools, focusing on high-impact, high-value deliverables.
• Champion a culture of risk awareness and internal controls, providing innovative and value-added insights to drive improved process efficiency and effectiveness for CarMax.
• Stay abreast of key changes, trends, and best practices within CarMax, the audit profession, the technology industry, and relevant regulatory environment.
• Help lead department initiatives to identify efficiencies and improvements in work execution and internal processes.