IT Audit Senior
IT Audit Senior with an Atlanta-based Fortune 500 technology company.
Summary
The IT Audit Senior will be responsible for managing the execution of SOC 1 and SOC 2 audits over cloud-based products and services as part of the company’s SOC project portfolio.
This position will play a key role in the execution of the related mainframe SOC 1 and SOC 2 reports (8 annual reports for core and small subsidiary businesses in the US and international markets). As a key liaison for external auditors that issue the reports and internal IT and business teams, the Senior Auditor ensures comprehensive project management and execution of the SOC 1 and SOC 2 audit requirements and, in coordination with the SOX IT Audit program manager, of elements of the company’s SOX program.
Responsibilities
- Work with internal business leaders to understand the current mainframe, distributed, and AWS cloud environments to document controls in support of SOC and SOX scope.
- Work with external audit firms to ensure documented controls meet SOC 1 and SOC 2 framework requirements.
- Work with the Controls Assurance (CA) team to lead testing (including both executing and reviewing control testing) of new controls in alignment with Internal Audit (Audit Services Group) and CA testing and documentation standards.
- Work with existing Controls Assurance team members to assess the current control environment as translated into the new cloud environment to ensure consistent control coverage between current and future state.
- Foster and maintain strong relationships throughout the company to support audit execution responsibilities. Be viewed as a partner with IT and business leaders to understand the business and assist in designing and delivering the required audit services to meet business, customer, and regulatory requirements.
- Conduct assurance reviews and audits to evaluate the design and effectiveness of controls supporting the company’s business processes and information systems.
- Lead and execute all aspects of the audit process, including planning, risk assessment, controls identification, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members.
- Identify new and assess existing information technology control design and operating effectiveness, particularly related to application and infrastructure logical access, change management, and operations, as well as more common information security considerations.
- Evaluate root cause factors, extent of risk, and mitigating/compensating controls for audit testing exceptions and work with internal leaders to craft management responses for SOC reporting.
- Partner with the Project Manager to assess the adequacy of the corrective action(s) taken by management, stakeholders, or process owners to improve governance, risk management, and control issues.
- Discuss audit results, their impact, and recommendations for corrective actions with the Project Manager, external audit partners, and/or management.
Requirements
- Bachelor’s degree in Accounting, Audit, Business Management, Information Technology, or Information Security.
- 3+ years of Public Accounting, Financial Services, or Financial Technology audit or other related work experience.
- Significant experience and expertise with common internal control frameworks and guidance, including Sarbanes-Oxley, SOC 1 and SOC 2 (readiness, type 1, and type 2 reports), and AICPA Trust Services Criteria for a SOC 2.
- Cloud security framework auditing (specifically as related to AWS).
- Mainframe auditing, including IT infrastructure design, management, operations, and security.
- CIA, CISA, CISM, CISSP, CCAK, CPA, or other relevant certifications.
- Ability for 10-15% travel.