DESCRIPTION OF DUTIES
The IT Internal Audit Manager contributes to the mission of the Internal Audit function by promoting and ensuring an effective control environment through professional IT risk assessments, IT audits, awareness and education and consultation services. The IT Internal Audit Manager will have a deep understanding of risks associated with technologies, including AS400 and SAP, with proficiency in system security, change management and able to assess application level controls such as configurations, transfer of data from one environment to another and data integrity. This position is responsible for assisting the Director of Internal Audit in the development and execution of the IT Audit Plan and in the oversight of outsourced IT audit activities.
location: Charlotte, North Carolina
job type: Permanent
salary: $115,000 - 130,000 per year
work hours: 8 to 6
DUTIES AND RESPONSIBILITIES:
- Build a technical and cross-disciplinary IT audit team.
- Perform IT risk assessments and assist in the prioritization of IT Audits.
- Plan, execute and report results of information system and technology audits across the company.
- Evaluate efficiency & effectiveness of IT and operational processes.
- Oversee IT SOX related testing program and coordinate with SOX IA management.
- Manage system development pre-implementation reviews and integration reviews for new acquisitions.
- Evaluate the adequacy of the security and processing controls as they relate to each audit, and the effectiveness of general computer controls in the IT environment.
- Provide technical guidance to audit and business unit personnel with respect to information systems, technology architecture, and security matters.
- Monitor the project status of disaster recovery testing, business continuity planning, and other activities related to IT processing.
- Manage the budget and deadlines for timely completion of audits.
- Ensure audit work papers prepared according to department guidelines and professional standards.
- Oversee outsourced resources to ensure a timely and efficient completion of audits.
- Present audit findings or other relevant information to key stakeholders on the effectiveness and adequacy of risk management, governance, and internal control procedures.
- Track management remediation and action items as a result of audit findings
- Actively develop, train, and supervise internal talent on a regular basis.
- Fosters the Company Culture in the department and throughout the company to ensure fulfillment of Company's vision and unity of purpose.
- Participation in special project and performs additional duties as required.
EDUCATION AND EXPERIENCE:
- Bachelor's degree in Management Information Systems/Information Technology, Computer Science or Business (Accounting, Finance or related) required
- 6 years minimum experience in information security audit required AND at least 2 years supervisory experience required
- Experience in auditing applications, interfaces, system infrastructure, information processing and general IT controls; including such areas as: -application security management (user entitlements, authentication, accountability, data protection)
- System architecture and design (availability, performance, scalability, data integrity)
- Technology operations (change management, data backup and retention, performance and capacity management)
- Technology governance (technology risk management, policies and procedures, rules, regulations, intellectual property)
- Experience with AS400 is preferred.
- Strong working knowledge of standard concepts and practices of internal auditing, particularly the Institute of Internal Auditor (IIA)'s Standards for the Professional Practice of Internal Auditing and the Information Systems Audit and Control Association's Standards for Information Systems Auditing (ISACA)
- Understanding of leading risk and controls frameworks and standards such as COSO, COBIT, ITIL, NIST, CIS, etc.
- Familiar with reviews of reports of third party service providers (SOC 1, SOC 2 reports)
- Experience in evaluating the design and operating effectiveness of internal controls
- Experience in reviewing audit work papers
- Minimum CISA/CRISC, CITP designation or equivalent required
- Proficiency using software applications including query tools, databases, spreadsheets, word processing and presentation software (Microsoft Office, Visio, etc.)
- Excellent verbal and written communications skills required.
- Highly organized and detail-oriented with ability to set priorities and to respond to changing demands from multiple sources in a fast-paced environment.
- Ability to effectively interface with management at all levels, as well as, contacts outside the organization such as external auditors
- Ability to follow through, meet deadlines, anticipate requirements and build relationships.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.