Sr. IT Auditor – Controls Assurance Audit Team

Sr. IT Auditor – Controls Assurance Audit Team

Requirements

• 3-5 years of relevant audit and risk management experience.
• Knowledge of auditing principles and practices, and the analysis and reporting of audit information. knowledge of IPPF Standards, IIA best practices, auditing principles and practices, as well as the analysis and reporting of audit information.
• Bachelor’s degree in Accounting, Auditing, Business Management, Information Technology, or other similar degrees.
• Significant experience and expertise with common internal control frameworks and guidance, including Sarbanes-Oxley, SSAE 18 (SOC 1 and SOC 2, both type 1 and type 2 reports), and 2017 AICPA Trust Services Criteria for a SOC 2.
• CIA, CISA, CISM, CISSP, CCAK, CPA, or other relevant certification(s).
• 10-15% travel requirement, including some international travel.

Responsibilities

• Works with internal business leaders to understand the current mainframe, distributed, and AWS cloud environments to document controls in support of SOC and SOX scope.
• Works with external audit firms to ensure documented controls meet SOC 1 and SOC 2 framework requirements.
• Works with the CA team to lead testing (including both executing and reviewing control testing) of new controls in alignment with Internal Audit (Audit Services Group/”ASG”) and Controls Assurance testing and documentation standards.
• Works with existing Controls Assurance team members to assess the current control environment as translated into the new cloud environment to ensure consistent control coverage between current and future state.
• Fosters and maintains strong relationships throughout the company to support audit execution responsibilities. Viewed as a partner with IT and business leaders to understand the business and assist in designing and delivering the required audit services to meet business, customer, and regulatory requirements.
• Establish trusted relationships to support delivery of effective, successful, and well-received audit services. Considered a go-to leader within the organization regarding risk and control matters.
• Ensures SOC reports support our customers’ use of Global Payments (TSYS Issuing) solutions by understanding Global Payments businesses and the integration of product/service, operations, and technology that impact internal controls supporting our client’s financial, data processing, and information security environments.
• Conduct assurance reviews and audits to evaluate the design and effectiveness of controls supporting the company’s business processes and information systems.
• Lead and execute all aspects of the audit process, including planning, risk assessment, controls identification, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
• Understand business and IT processes to identify risks and evaluate internal controls.
• Document thorough understanding of business processes, including the role of technology in supporting the process. Effectively perform testing of automated business process controls and IT general controls.
• Identify new and assess existing information technology control design and operating effectiveness, particularly related to application and infrastructure logical access, change management, and operations, as well as more common information security considerations.
• Evaluate root cause factors, extent of risk, and mitigating/compensating controls for audit testing exceptions and work with internal leaders to craft management responses for SOC reporting.
• Provides first level of detail review of work paper documentation to ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.
• Partners with the project manager to assess the adequacy of the corrective action(s) taken by management, stakeholders, or process owners to improve governance, risk management, and control issues.
• Tracks and reports project status and milestones to project leadership and/or management.
• Discusses audit results, their impact and recommendations for corrective actions with the project manager, external audit partners, and/or management.
• Build and develop Audit Services Group’s brand within the company through meaningful relationship building.
• Coordinate audit activities with management, co-source providers and external auditors.
• Enable continuous improvement of the Audit Services Group by identifying and communicating enhancement opportunities to department leadership.
• Support the development of other team members within the Audit Services Group.

Preferred Qualifications

• Experience with multiple internal control frameworks, including NIST, Cloud Controls Matrix, AWS Cloud Adoption Framework, COBIT, FFIEC, PCI-DSS, ISO27001, and ITIL
• Big Four or similar firm audit experience.
• Card Issuing, Payment Processing, Financial Services industry, Merchant Acquiring, and Consumer and Business Financial Solutions experience