Manager, Internal Audit Information Technology (Job ID 2111474)
Boca Raton, Florida
Categories Accounting and Finance, Internship, Cybersecurity
Reporting to the Director of Internal Audit, the Audit Manager of Information Technology oversees a staff of IT auditors responsible for auditing information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security, including but not limited to IT Compliance Audits, Cyber Security and Data Privacy Audits, Threats and Vulnerability and Penetration Audits, Pre/Post-Implementation System Reviews, as well as other ad-hoc advisory projects to assess and report on IT risks. This position may also be required to assist with SOX related activities.
The Manager of Internal Audit will serve as a thought leader and subject matter expert in the area of IT assurance and industry best practices and emerging trends to continually improve the organization’s control environment and risk management. This person will be required to develop analysis, reports, recommendations, and insights gained from assurance-related activities and identify meaningful patterns that may be indicative of pervasive and high-risk technology issues and risks. A demonstrated understanding and background of IT audit and general business knowledge is required.
The position will be responsible for overseeing a team IT auditors as well as engaging, managing and reviewing the work of outside consultants/advisors as needed.
Position Objectives & Responsibilities:
- Develop and maintain the IT Audit Risk Assessment under the oversight of the Director in alignment and coordination with key stakeholders (IT, Information Security, IT PMO, etc.) and lead its execution
- Assist with the execution of the audit strategy based on the approved audit plan, including defining audit objectives, risk-based scope, budget, timeline, resource allocation
- Lead audit team through the planning, execution and reporting of IT audits and reviews of systems, applications, and IT in accordance with audit standards and methodology, including but limited to:
- Pre- and post- implementation reviews of system implementations or enhancements;
- IT security audits (e.g. network, operating system, and data center), including evaluating if security vulnerabilities are properly identified and mitigated
- IT compliance reviews, including SOC 2, CCPA / GDPR, and others as required.
- Other reviews of IT management policies and procedures such as change management, business continuity planning/ disaster recovery and information security to ensure that controls surrounding these processes are adequate
- Prepare, report, and communicate audit results to Senior Management and other key stakeholders and ensure audit findings clearly communicate risk and root cause and effective recommendations are provided
- Ensure audit documentation meets audit standards and monitor information security standards, best practices and applicable laws and regulations
- Develop, build and implement tools to analyze data to improve audit efficiency and effectiveness
- Participate as a delegate in management committees and reviews around new systems, acquisitions and other IT initiatives as needed
- Assist and educate senior management in defining the control objectives and monitoring remediation activities
- Assist with developing ad-hoc and monthly/ quarterly reports for management reporting
- Lead the development of business talent through timely coaching and appropriate training to ensure the audit team has the skills and competencies needed to execute the audit response plan
- Develop strong, professional, and independent relationships with senior leaders
- Assist with the coordination and alignment of audit activities and results with external auditors.
- Coordinate all audit activities with other Internal Audit managers as well as IT Management
- Bachelor’s degree required and master’s degree preferred (coursework in areas of study, including but not limited to computer science or engineering, management information systems, business, accounting, or finance).
- Certification required (i.e. CIA, CISA, CISM, CISSP)
- Understanding of multiple technology domains required, including software development life cycle, Windows and UNIX OS, database management systems (MS SQL, Oracle, DB2,), mobile device management (“MDM”), cloud computing systems (include Software as a Service “SaaS” and other vendor-hosted solutions), networking infrastructure (e.g. firewalls), and robotic process automation (UiPath). Experience with cloud ERP and Galvanize Highbond (or similar GRC/audit software) preferred.
- Working knowledge of common code languages is strongly preferred (e.g. SQL, C++, C#, and/or Visual Basic, Python).
- Understanding of information security standards, best practices for securing computer systems, and applicable laws and regulations. (E.g. ISO 27001, COSO 2013, SSAE-18, CCPA / GDPR.)
- Audit/assurance experience required. Big 4 experience preferred.
- 6+ years of related work experience and 3+ years of direct management experience
- Project management experience with the ability to organize and manage multiple priorities simultaneously
- In-depth understanding of core information technology processes and controls, information security, current trends in corporate information technology and emerging themes in the marketplace
- Possess a high energy level and strong work ethic with a commitment to continuous improvement in a dynamic and changing environment
- Strong interpersonal and team skills
- Strong presentation and communications skills (written and oral), with the ability to communicate effectively with technical and non-technical audiences.
- Proficient analytical skills
- Proactive, hands-on, results-driven orientation required.
- Ability to blend exceptional attention to detail with an ability to retain strategic direction within a rapidly evolving entrepreneurial business culture.
- Travel up to 15%
- Effective leader – able to build high-performing teams and develop others
- Managerial courage – says what needs to be said by providing current, direct, complete, and actionable constructive feedback to others
- Strong interpersonal skills including influencing skills and the ability to communicate with all levels and functions in a corporate enterprise
- Analytical focus – and creating action plans from data/trends
- Able to deal with ambiguity, yet still make good quality decisions