IES Holdings is seeking a hands-on technically skilled and strategically minded IT Audit Manager to fill a newly created role within our Internal Audit team. This position will manage day-to-day IT audit activities including managing IT resources, executing risk-based IT SOX testing, performing internal audits, and leading audit automation and data and analytics initiatives.
KEY RESPONSIBILITIES
SOX IT CONTROLS PROGRAM
- Manage the annual SOX IT scoping process, including identification of in-scope systems, key reports, and IT dependencies supporting financial reporting.
- Lead walkthroughs, test of design (TOD), and test of effectiveness (TOE) for SOX IT general controls and application controls.
- Coordinate with external auditors on IT SOX reliance strategy, integrated audit approach, and PBC deliverables.
- Track and report on IT control deficiencies.
- Advise on control design for new or significantly changed systems and processes impacting financial reporting.
- Drive automation of repeatable SOX testing processes to reduce manual effort and reliance on business stakeholders for data.
IT AUDIT PLANNING & EXECUTION
- Develop and maintain a disciplined, risk-based IT audit scope - ensuring audit resources (internal and outsourced) are focused on the highest-priority risk areas rather than broad, unfocused coverage.
- Plan, lead, and execute risk-based IT internal audits, including operational IT audits, cybersecurity reviews, NIST assessments, and other non-SOX IT audit engagements.
- Communicate audit results, risk ratings, and remediation recommendations clearly to IT and business leadership.
DATA ANALYTICS & AUDIT AUTOMATION
- Champion the adoption of audit automation, RPA, and AI-assisted techniques within the Internal Audit function.
- Partner with IT and business intelligence teams to ensure the audit function has access to data in usable formats - reducing dependency on the business for audit evidence gathering.
- Develop automated scripts and workflows to test large user access datasets, configuration parameters, and system logs.
- Build repeatable analytics solutions that increase audit coverage across ERP and ancillary systems.
- Serve as the team's subject matter expert on data-driven audit methodologies.
TECHNOLOGY RISK ADVISORY & STAKEHOLDER MANAGEMENT
- Partner with IT, Cybersecurity, and Compliance teams to identify emerging technology risks and align audit coverage accordingly.
- Provide advisory input on major technology initiatives, system implementations, and digital transformation projects.
- Monitor the technology risk landscape and adjust the audit plan proactively.
- Collaborate with the broader Internal Audit team on integrated audits that span IT and business/operational risk areas.
TEAM & ENGAGEMENT LEADERSHIP
- Direct and manage IT audit resources on a day-to-day basis.
- Contribute to the development of the annual IT audit plan and departmental strategic initiatives.
- Support the future recruitment and onboarding of IT audit talent as the function grows; help build a high-performing, technology-forward audit team.
Specific Qualifications
REQUIRED
- Bachelor's degree in Information Systems, Computer Science, Accounting/Finance, or related field
- 5+ years of current, hands-on IT audit experience
- Deep knowledge of IT general controls (ITGCs), IT application controls, and ITGC/SOX frameworks
- Experience performing a broad range of IT internal audits beyond SOX, including operational IT audits, cybersecurity reviews, and NIST assessments
- Hands-on SOX IT controls experience, including coordination with external auditors
- Demonstrated experience with data analytics tools
- Proven track record driving audit automation or continuous monitoring initiatives
- Solid understanding of cybersecurity concepts, network architecture, and access management
- Strong knowledge of regulatory standards including COBIT, NIST, COSO, and IIA
- Excellent communication skills with the ability to explain technical risks to non-technical audiences
PREFERRED
- CISA (Certified Information Systems Auditor) - strongly preferred
- Experience in manufacturing, construction, or other industrial industry environments
- Familiarity with Microsoft Dynamics
- Proficiency in Python or SQL for large-scale data testing and automation scripts
- Knowledge of emerging technologies: AI/ML governance, robotic process automation (RPA), data lakes
Additional Data
PLEASE NO AGENCY CALLS. NOTE TO ALL AGENCIES: Any unsolicited agency resumes or agency represented candidates that are presented to any IES employee without first having a signed contract between that agency and the IES Talent Acquisition organization will become the property of IES and no fees will be paid.
College 4-6
