Date Posted: April 6, 2018
Global IT Governance & Audit Manager
The Global IT Governance & Audit Manager ensures that IT governing processes and related technologies meet the service level requirements while balancing risk and costs to achieve. These key controls enable the Company’s achievement of ongoing internal IT standardization, compliance, and related annual SOX financial compliance, as well as overall IT solution throughput.
JOB FUNCTIONS: Primary job functions include, but are not limited to, the following:
- Regularly assess IT governing control risks and capability maturity model levels, identify gaps, and create prioritized remediation plans for continuous improvement across the Company’s global locations.
- Proactively collaborate with IT process control owners to ensure that internal controls over IT capabilities supporting governance and financial reporting are effectively designed and sufficiently documented within the Company’s SOX documentation requirements.
- Coordinate and liaise with internal and external audit entities to support assessing, testing, and remediating control exceptions for existing Company sites as well as newly acquired sites.
- Serve as primary IT point of contact for the Company’s Chief Audit Officer and internal and external audit team leads to ensure IT controls compliance during annual testing events and to ensure that IT support and oversight of the following financial audit processes are carried out:
- Review audit test results of the effectiveness of controls identified and documented with SOX process narratives
- Communicate gaps (i.e., control exceptions and deficiencies) identified in the testing to business and/or IT control owners as required, and assist them in designing remediation efforts.
- Evaluate, document, and report control deficiencies to Senior Management
- Facilitate and monitor the remediation progress of control deficiencies ensuring deadlines are adhered to.
- Identify opportunities for enhancements of the efficiency and effectiveness of business processes and control activities.
- Work closely with IT control and process owner management to develop a cohesive understanding of existing and new key systems and capabilities as they relate to governing control requirements.
- Review and evaluate Company environment including IT systems, processes, and controls to ensure compliance with prevailing privacy regulatory laws and requirements (e.g., GDPR)
- Work with clients to test for compliance with various prevailing regulatory laws, requirements, and standards including but not limited to Sarbanes-Oxley Act of 2002.
- Activities related to the above responsibilities may include documenting Company processes in narratives, flowcharts, and/or other forms of corporate documentation; performing walkthroughs of the Company’s significant processes with business and IT control owners and audit entities; conducting interviews of Company employees; and compiling, analyzing, and reviewing data in support of business and system process control improvements.
- Create, distribute and review regularly issued governance and audit management performance reporting to IT leadership.
REQUIREMENTS & EXPERIENCE:
- A minimum of five years of overall IT audit experience performing information system control risk assessments.
- A minimum of five years of experience performing IT general controls, application controls; security audits a plus.
- Proficient understanding of ERP systems, Operating Systems, Databases, and Network Infrastructure components.
- Experience managing simple and complex information technology internal audits.
- Experience working with matrix-based teams of various sizes across geographical boundaries.
- Working knowledge of General Data Protection Requirement (GDPR), COBIT 5, ISO 27001/2, HIPAA, NIST 800 series desired.
- Knowledge of risks and controls in emerging technologies based on Blockchain, Internet of Things (IoT), and Artificial Intelligence is a plus.
- Exceptional oral and written communication skills.
- Ability to travel up to 25% (domestic and international).
EDUCATION / KNOWLEDGE:
- Bachelor’s or Master’s degree in information systems or business-related disciplines.
- ITIL, CISA, CISM, CIA, or CRISC a plus.
- Working knowledge of Sarbanes Oxley 2002 IT domain and related control requirements is required.
- Leadership, management training or certification a plus.
- Configuration Management Database (CMDB) experience desired.
- Service Level and Operational Level standards experience desired.