The IT Staff Auditor is a key member of our dynamic Internal Audit team at SharkNinja. The candidate would be primarily responsible for SOX monitoring and review, System Implementation reviews, Service Provider and Data Privacy reviews, and internal PCI reviews. The candidate would also assist with non-IT audits, including Financial and Operational audits in alignment with the Company’s enterprise risk assessment. The IT Staff Auditor should be able to help execute test plans, document results, effectively communicate findings, and follow up on the status of outstanding issues.
Areas of Expertise
- SOX Monitoring and Review – Evaluate the design and effectiveness of automated application controls, evaluate segregation of duties, operate Oracle GRC ERP system monitoring software, and review associated business processes. Review management’s ITGC testing and execute additional testing, as needed.
- System Implementations & Upgrades – Perform both pre-implementation and post-implementation reviews of the system development lifecycle and program change controls.
- Service Provider & Data Privacy – Perform a review of data privacy and contractual compliance, including detailed on-site audits and surveys. Work directly with legal attorneys and business owners in the organization as part of an industry-leading audit program.
- PCI – Perform various internal reviews as needed, covering privacy, infrastructure, security, and retention, working directly with individuals throughout the IT organization, including the Privacy, PCI, and Security Operations departments.
- Audit System Implementations & Upgrades – Assist with the implementations or upgrades of audit and monitoring software, documenting requirements, developing test plans, and performing User Acceptance Testing.
- Assist with the Audit assessment for ITGC and Application Controls using Sarbanes-Oxley (SOX), COBIT, COSO, ISO 27001, and NIST 800-53r4 in areas such as enterprise applications, user access, systems development lifecycle, incident management, change control, vulnerability management, encryption, platform hardening, applications, operating systems, databases, wireless, and network devices such as firewalls, IDS, IPS, physical access, and policy and procedure
- Assist with the completion of information systems assessments to evaluate the effectiveness of data processing controls, accuracy and integrity of data, and compliance to applicable policies and regulations within the IS organization.
- Assist with non-IT audits, including Financial and Operational audits
- Recommend preventive, mitigating, and compensating controls to ensure appropriate level of protection and adherence to the goals of the overall information security strategy
Education and Experience
- Bachelor’s Degree in Computer Science or related field
- 0-2 years of relevant IT audit experience
- Possession or pursuit of Certified Information Systems Auditor (CISA) or another IT audit-related certification preferred
- Strong communication skills and the ability to interact with employees at all levels of the organization