Senior Internal Auditor – Information Technology
Job Summary:
The Senior IT Auditor will build strong relationships and interact effectively at all levels of the organization to achieve compliance objectives while keeping up with industry standards. Reporting to the Sr. Director, Internal Audit & supporting the Internal Audit Risk & Governance function, this role will be responsible for planning, supervising, and completing annual planned audits, SOX ITGC compliance implementation and testing, risk assessments and consulting engagements to protect the company from risk, enhance the internal control environment and contribute to iHerb’s commitment to continuous improvement.
Job Expectations:
Assist iHerb to comply with corporate statutory/regulatory requirements. Emphasis will be on planning and executing audits as well as performing controls assessments for SOX, CyberSecurity, SAP, Data Privacy, and PCI compliance
Plan & lead complex IT audits (based on COBiT methodology) for IT general and application controls in the areas of system development, information security, change management, data networks, computer operations, business continuity and disaster recovery
Evaluate the design and effectiveness of the control environment; track, monitor and maintain control issues; develop/assist with remediation plans & prepare compliance summaries
Liaise with Compliance and IT management throughout the annual compliance life cycle
Evaluate and test security and controls for various on-premise and cloud-based technologies
Practical experience with internal control standards (Sarbanes Oxley, COSO, COBIT), control testing strategies
Understanding of Internal audit processes and practices i.e.: technology and tools for planning, testing, and reporting
Evaluate Service Organization Control (SOC) reports
Practical experience with evaluating IT general controls concepts in the areas of system development, change management, computer operations and access to programs
Hands on experience with IT security fundamentals across multiple domains including security management, security architecture, access control, application development, operations security, physical security, and networking, business continuity planning
Developing and executing a detailed audit work plan for the IT audit component
Drafting and assisting in reporting audit results to company leadership
Assessing and communicating audit results, translating findings into level of risk and drive remediation of key issues in a timely manner
Developing an effective and sustainable IT system controls framework
Recommend improvements to processes, controls, and test programs to enhance the control environment and improve efficiency/effectiveness
Develop strong, collaborative working relationships across all levels of the Company; maintain on-going and constant communications with key stakeholders
Advocate and maintain the highest standard of ethics, discipline, and professionalism
Coordinate, the work performed by external co-sourced resources
Knowledge, Skills and Abilities:
Required:
Big 4 experience working with public company clients a plus
Proven experience in driving the execution of IT end-to-end SOX program
Proven experience in planning, leading, and performing IT internal audits
Subject matter expert on internal controls, SOX compliance, and/or enterprise risk management
Strong understanding of business processes and system applications
Strong planning, project management and analytical skills
Excellent leadership, written and verbal communication, and collaboration skills
Self-starter ability to proactively problem-solve, identify, advocate for and execute improvements
Ability to maintain a positive attitude and embrace change, thrive in a fast-paced environment
High ethical and personal standards. Possess a strong work ethic with a commitment to continuous improvement in a dynamic and changing environment that strives to exceed expectations
Experience performing IT General Controls and/or IT Application Controls reviews, hands on experience evaluating risks based on COSO and COBIT principals and executing internal audit programs
Experience with IT audit in public accounting and/or internal audit involving public companies to include exposure to sophisticated information system audit techniques for SOX 404 compliance including network security, technology infrastructure, software development, disaster recovery, etc
PCI Compliance/Audit experience AND at least two years of cumulative IT Audit/Technical experience in enterprise ERP systems such as SAP
Experience with Cloud compliance
Equipment Knowledge:
Experience with auditing SAP and designing auditing procedures for home grown IT systems
Experience with Microsoft Office Suite (Word, Excel, PowerPoint)
Experience with Google Business Suite (Gmail, Drive, Docs, Sheets, Forms) preferred
Experience Requirements:
Generally requires a minimum five (5) plus years of public accounting and/or industry experience. Certification as a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Security Manager (CISM), Cloud and/or PCI preferred.
Education Requirements:
Bachelor’s Degree in Information Systems or related field preferred. CPA/CISA/CIA/CISM qualification with a Big 4 public accounting firm is strongly preferred.
#LI-ME1
About the job
Apply for this position
Senior Internal Auditor – Information Technology
Job Summary:
The Senior IT Auditor will build strong relationships and interact effectively at all levels of the organization to achieve compliance objectives while keeping up with industry standards. Reporting to the Sr. Director, Internal Audit & supporting the Internal Audit Risk & Governance function, this role will be responsible for planning, supervising, and completing annual planned audits, SOX ITGC compliance implementation and testing, risk assessments and consulting engagements to protect the company from risk, enhance the internal control environment and contribute to iHerb’s commitment to continuous improvement.
Job Expectations:
Assist iHerb to comply with corporate statutory/regulatory requirements. Emphasis will be on planning and executing audits as well as performing controls assessments for SOX, CyberSecurity, SAP, Data Privacy, and PCI compliance
Plan & lead complex IT audits (based on COBiT methodology) for IT general and application controls in the areas of system development, information security, change management, data networks, computer operations, business continuity and disaster recovery
Evaluate the design and effectiveness of the control environment; track, monitor and maintain control issues; develop/assist with remediation plans & prepare compliance summaries
Liaise with Compliance and IT management throughout the annual compliance life cycle
Evaluate and test security and controls for various on-premise and cloud-based technologies
Practical experience with internal control standards (Sarbanes Oxley, COSO, COBIT), control testing strategies
Understanding of Internal audit processes and practices i.e.: technology and tools for planning, testing, and reporting
Evaluate Service Organization Control (SOC) reports
Practical experience with evaluating IT general controls concepts in the areas of system development, change management, computer operations and access to programs
Hands on experience with IT security fundamentals across multiple domains including security management, security architecture, access control, application development, operations security, physical security, and networking, business continuity planning
Developing and executing a detailed audit work plan for the IT audit component
Drafting and assisting in reporting audit results to company leadership
Assessing and communicating audit results, translating findings into level of risk and drive remediation of key issues in a timely manner
Developing an effective and sustainable IT system controls framework
Recommend improvements to processes, controls, and test programs to enhance the control environment and improve efficiency/effectiveness
Develop strong, collaborative working relationships across all levels of the Company; maintain on-going and constant communications with key stakeholders
Advocate and maintain the highest standard of ethics, discipline, and professionalism
Coordinate, the work performed by external co-sourced resources
Knowledge, Skills and Abilities:
Required:
Big 4 experience working with public company clients a plus
Proven experience in driving the execution of IT end-to-end SOX program
Proven experience in planning, leading, and performing IT internal audits
Subject matter expert on internal controls, SOX compliance, and/or enterprise risk management
Strong understanding of business processes and system applications
Strong planning, project management and analytical skills
Excellent leadership, written and verbal communication, and collaboration skills
Self-starter ability to proactively problem-solve, identify, advocate for and execute improvements
Ability to maintain a positive attitude and embrace change, thrive in a fast-paced environment
High ethical and personal standards. Possess a strong work ethic with a commitment to continuous improvement in a dynamic and changing environment that strives to exceed expectations
Experience performing IT General Controls and/or IT Application Controls reviews, hands on experience evaluating risks based on COSO and COBIT principals and executing internal audit programs
Experience with IT audit in public accounting and/or internal audit involving public companies to include exposure to sophisticated information system audit techniques for SOX 404 compliance including network security, technology infrastructure, software development, disaster recovery, etc
PCI Compliance/Audit experience AND at least two years of cumulative IT Audit/Technical experience in enterprise ERP systems such as SAP
Experience with Cloud compliance
Equipment Knowledge:
Experience with auditing SAP and designing auditing procedures for home grown IT systems
Experience with Microsoft Office Suite (Word, Excel, PowerPoint)
Experience with Google Business Suite (Gmail, Drive, Docs, Sheets, Forms) preferred
Experience Requirements:
Generally requires a minimum five (5) plus years of public accounting and/or industry experience. Certification as a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Information Security Manager (CISM), Cloud and/or PCI preferred.
Education Requirements:
Bachelor’s Degree in Information Systems or related field preferred. CPA/CISA/CIA/CISM qualification with a Big 4 public accounting firm is strongly preferred.
#LI-ME1