At this time, we are unable to offer visa sponsorship for this position. Candidates must be legally authorized to work for any employer in the United States (or (applicable country) on a full-time basis without the need for current or future immigration sponsorship.

Summary of This Role

Conducts operational, compliance, and financial audit and advisory engagements of domestic and/or international operations and providing sound project management. leads the planning and execution, reporting and follow-up of audit engagements. Develops, monitors and assists in executing the testing strategy for audit engagements.

• Conduct assurance reviews and audits to evaluate the design and effectiveness of controls supporting the company’s business processes and information systems.   

• Lead and execute all aspects of the audit process, including planning, risk assessment, controls identification, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from senior team members. 

• Understand business and IT processes to identify risks and evaluate internal controls.  

• Document thorough understanding of business processes, including the role of technology in supporting the process.  Effectively perform testing of automated business process controls and IT general controls.

• Assess information technology design and operating effectiveness, particularly related to application and infrastructure logical access, change management, and operations, as well as more common information security considerations.

• Evaluate root cause factors, extent of risk, and mitigating/compensating controls for audit testing exceptions. 

• Provide first level of detail review of work paper documentation to ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines. 

• Partner with the project manager to assess the adequacy of the corrective action(s) taken by management, stakeholders, or process owners to improve governance, risk management, and control issues.

• Track and report project status and milestones to project leadership and/or management. 

• Discuss audit results, their impact and recommendations for corrective actions with the project manager, external audit partners, and/or management.

• Build and develop Audit Services Group’s brand within the company through meaningful relationship building.  

• Coordinate audit activities with management, co-source providers and external auditors.   

• Enable continuous improvement of the Audit Services Group by identifying and communicating enhancement opportunities to department leadership. 

• Support the development of other team members within the Audit Services Group

Minimum Qualifications

• 3-5 years of relevant audit and risk management experience. 

• Knowledge of auditing principles and practices, and the analysis and reporting of audit information.

• Knowledge of IPPF Standards, IIA best practices, auditing principles and practices, as well as the analysis and reporting of audit information. 

• Bachelor’s degree in Accounting, Auditing, Business Management, Information Technology, or other similar degrees. 

• Significant experience and expertise with common internal control frameworks and guidance, including Sarbanes-Oxley, SSAE 18 (SOC 1 and SOC 2, both type 1 and type 2 reports), and 2017 AICPA Trust Services Criteria for a SOC 2. 

• CIA, CISA, CISM, CISSP, CCAK, CPA, or other relevant certification(s).

• Big Four audit experience preferred.

• 10-15% travel requirement, including some international travel

Preferred Qualifications

• Experience with multiple internal control frameworks, including NIST, Cloud Controls Matrix, AWS Cloud Adoption Framework, COBIT, FFIEC, PCI-DSS, ISO27001, and ITIL

• Big Four or similar firm audit experience.

• Card Issuing, Payment Processing, Financial Services industry, Merchant Acquiring, and Consumer and Business Financial Solutions experience

What Are Our Desired Skills and Capabilities?

• Audit and/or consulting experience in most of these areas: 

  • Information technology controls, including access controls, systems development and change management, IT operations, cloud fundamentals, and information and data security  

  • Payment Processing/Merchant Acquiring industry, transaction processing, and settlement.

  • Automated business process controls 

• Experience in testing information security controls at the application, operating system and database layers – including logical access, change management, operations, and information security controls considerations

• Experience in executing large and complex regulatory compliance projects.  

• Demonstrate strong project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change, new report & control identification & documentation

• Ability to lead projects with little instruction on day-to-day work, generally receiving general instructions on new assignments. 

• Tailor project approaches based on areas of key risks.  Critically evaluate audit procedures to maximize the value of each audit project.   

• Prepare clear, concise, and accurate documentation and audit reports (e.g., SOC reports, scope memos, internal & external status reports).  Ensure compliance with audit standards. 

• Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.

• Strong communication and presentation skills with an ability to tailor communications to different audiences. 

• Pursue work with enthusiasm, energy, drive, and team collaboration. Maintain a positive, professional, and team-oriented attitude. 

• Establish and build effective relationships. Collaboratively work with management to improve internal controls and processes. 

• Assist and provide guidance to the Audit Services staff, when needed; train staff during fieldwork. 

• Knowledge and/or willingness to fully utilize Microsoft Teams and the Google Workspace product suite for conducting meetings, documenting testing and audit procedures performed, collaboration, email, and other activities as needed. Familiarity with Google Workspace is preferred.

• Knowledge of AuditBoard and familiarity with executing projects within AuditBoard or another Audit software is preferred.