IT Auditor in East Point, GA at Vaco

Date Posted: 8/15/2019

Job Snapshot

Job Description


  • Maintain knowledge of developments in the IT field that may have an impact on the company, the risk assessment or the company's audit methodology and procedures
  • Proactively identify existing and emerging IT risks that may be of importance to the Company's executive management and the audit committee
  • Integral team member providing guidance on ITGC internal controls compliance throughout US Field and international entities as needed. Develop and present ITGC scoping, testing and remediation training for other entities as they implement their full scope testing
  • Assist in risk assessment and identification of significant gaps against best practices
  • Work with process owners in the creation and maintenances of Risk and Control Matrices for processes identified through risk assessment
  • Work with business process owners in the guidance of performing semi-annual segregation of duties, user access reviews and review of other high-risk processes
  • Participate in design and operating effectiveness testing of in scope processes/systems
  • Identify internal control weaknesses and recommend remediation to strengthen control environment
  • Works with the Internal Control testers including contract resources and interns. Responsibilities include initial review of testing results to ensure compliance with testing objectives on a daily basis
  • Assist in designing, implementing, and communicating key reports and test results for management on compliance obligations and progress against compliance plans
  • Participate in special projects pertaining to IT Compliance initiatives
  • Assists in the consultation with members of business and IT regarding the purpose of testing ITGC, provide guidance on implementation of ITGC and provide suggestions on how to improve their ITGCs
  • Communicate project status, concerns, or issues to Management in a timely mannerEvaluate IT general controls (ITGC) including information security, change management, data center and physical security; disaster recovery and systems development life cycle (SDLC)
  • Assist in performing the annual IT risk assessment to determine those IT risks to be included in the annual testing plan, as well as identify specific divisional/ location IT risks and objectives
  • Document, assess, and evaluate automated systems controls including interface completeness and validity, authentication and authorization, and input/ output controls to support sensitivity of data and privacy
  • Perform monitoring and testing of IT controls at the application, database, operating system, and process levels. Work with business partners to ensure process documentation and communications are complete and timely, and maintain an updated IT Controls master listing
  • Document and report testing results with recommended best practice solutions for issue remediation and provide necessary input to the international ICS team
  • Develop recommendations to mitigate risks or correct control deficiencies or gaps. Provide advice to Company business units regarding best practices and corrective action alternatives based on cost/benefit.
  • Review control descriptions, process narratives and testing strategies for reasonableness and accuracy. Make recommendations and implement updates to documentation
  • Perform proper planning to execute the required test steps by established deadlines with minimal supervision. Be able to prioritize assignments, apply sample size guidelines appropriately and provide constant and clear feedback to management and the process owners
  • Coordinate with process owners to ensure monitoring of the controls occurs throughout the year
  • Function as a liaison with the external auditors during their compliance testing
  • Coordinate the ITGC testing with PwC to increase the efficiency of the external audit
  • Monitor and consult regarding significant IT system implementations and upgrades (i.e. R12)
  • Develop Computer Aided Audit Techniques (CAATs) and data analytics
  • Developing and maintaining effective working relationships with team members, business (IT) process owners, management, internal auditors and external auditors
  • Perform other duties and responsibilities as assigned.

Preferred Education and Experience

  • Bachelor's degree required; Major in Accounting, Finance, Computer Science, or Accounting Information Systems preferred
    • 5 - 7 years of IT Audit experience
    • An in-depth understanding of the Oracle and SAP ERP environments
    • Detailed understanding of general business processes and IT General Controls
    • Minimum of 5 years of experience with SOX 404 documentation and testing compliance
  • Strong computer skills, including proficiency with MS Office suite, query tools and databases. Advanced Access/Excel and Data Analytical Tools is desirable
    • Capability to travel 10-20%
    • CISA, CISSP, CISM or equivalent certification is preferred
    • Experience testing ITGCs and Application Controls