Internal IT Audit Manager

General Summary:

Leading and conducting complex IT, system security, operational, compliance, and Sarbanes-Oxley audits including preliminary planning of an audit’s scope and execution, preparing and interpreting work papers, proposing value-added recommendations based upon research and analysis of results, drafting final deliverables, reviewing the results with Internal Audit management and conducting follow-up work for assigned management action plans. Assists less experienced auditors and directs their work as necessary.

Duties & Responsibilities:

• Manage and/or execute Sarbanes Oxley control testing, process walkthroughs, and year- end testing to meet deadlines established by management and the external auditors. 
• Identify risks, controls, and gaps within the Company’s processes or systems. 10%
• Develop audit programs that proactively address organizational risks and align with the strategic priorities of leadership. 15%
• Lead in-depth IT and integrated audits by evaluating applications, system operations, and supporting infrastructure through the full audit life cycle from planning through fieldwork execution and reporting. 35%
• Manage the management action plan oversight process. 10%
• Build and maintain strong relationships with stakeholders across the organization to foster effective collaboration and communication. 5%
• Provide guidance and support to team members, helping them navigate complex audit scenarios and develop their skills.
• Mentor and develop a team of auditors, fostering a culture of continuous learning, professional growth, and high performance. 5%
• Keep current on evolving technologies in the areas of auditing, information security & technology, business & organization initiatives, and maintain professional certifications.

Knowledge, Skills and Abilities (KSAs):

• Clear understanding of IT and financial risks as well as their impact on the business from both technical and procedural perspectives.
• Strong understanding of general IT controls, application controls, security controls, and well- known IT security frameworks (e.g. COBIT, ISO 27000, NIST SP 800, etc.).
• Knowledge of regulatory requirements related to general IT controls and security such as privacy, Sarbanes-Oxley, PCI, and HIPAA.
• Experience working independently as well as collaboratively across teams.

• Attention to detail and the ability to provide innovative insights and creative solutions.

• Ability to thrive in an environment were giving and receiving feedback is an expectation and norm.

• Proven ability to develop and mentor team members, fostering a culture of growth and collaboration.
• Strong leadership, critical thinking, analysis, and problem-solving skills.
• Established experience with auditing network devices (e.g., IDS/IPS, firewalls, VPN, etc.), server platforms (e.g., Windows, Linux, AS 400, etc.), database platforms (e.g., Oracle, SQL, etc.), and security controls.
• Experience with MS Office applications and other data analysis tools such as ACL, Access or other SQL-based tool(s).
• Ability to analyze data sets and/or use technology to increase efficiency such as automating manual or repetitive activities.
• Be able to travel when necessary.

Work Experience &/or Education:

• Bachelor’s degree in an engineering/technology related area of concentration like Information Technology, Engineering Technology, Computer Science, Data Science, Management Information System, etc.).
• Minimum of five years of related experience (including IT operational auditing, process improvement assessments, SOX, and/or compliance projects) is required.
• Advanced degree and CISA, CISSP, or equivalent certification (or progress toward) preferred, but not required.