Manager of IT Audit

We are seeking an experienced IT Audit Manager to lead audits focused on SOX compliance, system integration risks, and IT controls within a dynamic and evolving technology environment. This individual will be responsible for leading a team of full-time and seasonal auditors to execute the annual audit plan as developed by the Director of Audit. This role will be responsible for auditing management’s design, implementation, and operating effectiveness of IT general controls (ITGCs), application controls, and cybersecurity risks, with a strong emphasis on major system harmonizations, user acceptance testing (UAT), and change management processes. The IT Audit Manager will work closely with IT, finance, and business process owners to ensure compliance with regulatory requirements and identify risks associated with business transformation initiatives.

SOX Compliance & IT Controls:

• Oversee the execution of ITGC SOX 404 audits, evaluating managements compliance with regulatory requirements and company policies.
• Assess ITGCs, automated controls, and IT-dependent manual controls, identifying gaps and partnering with IT management to monitor remediation plans.
• Partner with IT and business teams to monitor and test user access controls, change management, and data integrity across key applications.
• Work with external auditors to coordinate IT audit procedures and ensure a smooth, efficient audit process.

System Integration & UAT Risk Management:

• Facilitate internal audits Secure System Development Lifecycle (SSDLC) audit program
• Evaluate risks associated with system implementations, migrations, and integrations, ensuring control frameworks are followed as designed by management.
• Audit managements review and assessment of user acceptance testing (UAT) processes for major system changes, ensuring proper documentation, test coverage, and defect resolution.
• Evaluate management’s identification and mitigation of risks related to data conversions, system interfaces, and IT security during integrations.
• Assess third-party IT service providers and cloud-based solutions for compliance with company policies and SOX requirements.

Risk Assessment & Audit Execution:

• Conduct IT risk assessments to identify emerging risks in the technology landscape, including cybersecurity, data privacy, and regulatory compliance.
• Lead and execute IT audits from planning to reporting, ensuring audits are risk-based and provide meaningful insights to stakeholders.
• Provide recommendations to strengthen IT control environments and improve efficiency in IT-related processes.

Collaboration & Advisory Role:

• Act as a trusted advisor to IT and business leadership, providing insights into IT governance, risk management, and compliance best practices.
• Partner with IT project teams to embed audit and control considerations early in system development life cycles (SDLCs).

• Bachelor's degree in Information Technology, Accounting, Business Intelligence & Analytics, or Computer Science. MBA preferred.
• 6 – 8 years of experience, preferably in a publicly traded company or Big 4 accounting firm.
• Strong knowledge of SOX 404 requirements, ITGCs, application controls, and COSO / COBIT frameworks.
• Experience with system implementation reviews, UAT processes, and change management controls.
• Familiarity with ERP systems (e.g., Oracle), cloud computing risks, and cybersecurity frameworks (NIST, ISO 27001).
• Relevant certifications preferred (CISA, CISSP, CPA, or CIA).
• Excellent communication and stakeholder management skills, with the ability to influence and drive change.
• Travel required: 20%