Sr. IT Auditor

Watsco   •  

Coconut Grove, FL

5 - 7 years

Posted 308 days ago

This job is no longer available.

Ideal Candidate Profile

The ideal candidate will possess skills in IT Audit, Security, Risk and Compliance – with technical background in IT systems administration and operations, and/or IT security administration and operations.

The candidate will be highly motivated, be able to operate independently, apply critical thinking to identify audit findings, be able to defend them if challenged, and come up to speed quickly on new IT systems and technologies.

The candidate will have excellent IT audit  documentation skills, and develop work papers that are appropriate for consumption by non IT management personnel.

Duties will include:

  • Conducting Sarbanes-Oxley IT General Controlsaudits of Watsco and its subsidiaries, including:
    • Planning and executing audits in a professional, efficient and effective manner
    • Interacting with the CIO’s and their staff for audit planning, coordination, testing, and status reporting
    • Performing detailed technical IT general controls testing
    • Maintaining detailed audit work papers to support audit findings and recommendations
    • Reporting audit findings and recommendations to the IT Internal Audit Manager, Vice President of Internal Audit and various levels of management
  • Proficiency using MS Office suite products (Excel, Word, PowerPoint), with an emphasis on data manipulation in MS Excel
  • Identifying IT controls process improvement opportunities outside the scope of formal audits
  • Developing IT audit programs and methodologies for new audit areas (e.g., Cybersecurity, applications, processes, etc.)

The ideal candidate will be a professional who:

  • Can effectively manage multiple tasks and deadlines
  • Is self-motivated and takes pride in the results of their efforts
  • Enjoys an environment of empowerment and responsibility
  • Is an effective verbal and written communicator

Experience & Qualifications:

  • More than 5years of full life cycleIT Auditexperience, including:
    • IT Application Controls Testing
    • IT General Controls Testing Including:
      • Antivirus
      • Backups and Restores
      • Application security configurations
      • Operating Systems security configurations
      • Database Management Systems security configurations
      • Networksecurityarchitecture
      • Firewall security configurations
      • Privileged Identity Management
      • Incident Response
      • Disaster Recovery
      • System Development Life Cycle (SDLC)
      • Change Control
      • Physical Security
    • IT and CybersecurityRisk Assessmentexperiencewith standards including but not limited to:
      • COBIT 5.0
      • ISO 27002
      • NIST Cybersecurity Framework
      • NIST 800.30, 800.37 (SecurityRisk Management )
      • PCI, SOX
    • CISA, CISSP, CIA, CRISC and/or CPA certifications are a plus.
    • Willingness to travel (approximately 35%) throughout United States with limited travel to Canada and Mexico

IT Security and Controls Domain Expertise:

  • Operating Systems – UNIX (HP-UX), iSeries AS/400, Windows Server
  • Databases – DB2, SQL, Progress (NxTrend)
  • Access Control Technology – Active Directory, RBAC
  • NetworkInfrastructureTechnologies (firewalls, routers, load balancers, switches)
  • ERPs – Mincron, NxTrend, SAP
  • Network and Web Based SecurityTechnologies (IDS/IPS, DLP, Web Content Filtering)
  • COBIT 5.0, ISO27002, NIST CSF, NIST 800.30,  NIST 800.37, SOX IT Controls and PCI standards