IT Audit Analyst - Global
The IT Audit Analyst will perform real-time systems implementation readiness assessments, support SOX 404 compliance, perform vulnerability, infrastructure & application security audits, and provide integrated IT support for financial & operational assurance.
Major Duties/Responsibilities:
Perform Real-Time Systems Implementation Readiness Assessments
- Effectively perform assigned procedures to evaluate go-live readiness for each key module of Hershey’s ERP implementation (and subsequent Tier 1/2/3 systems implementations)
- Effectively communicate with Hershey IT and Business personnel to articulate the objectives of audit assessments, obtain required process understandings/documentation, align on identified risks/impact, and positively influence risk remediation via proposed recommendations.
- Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to enable delivery of readiness assessments included within the Audit Plan.
- Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
- Summarize the results of assigned go-live readiness assessment procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership utilized to inform go-live decisions.
Support SOX 404 Compliance
- Facilitate compliance throughout assigned key business units and functions with standards of internal control over financial reporting promulgated by the Sarbanes-Oxley Act of 2002 through effectively executing assigned SOX 404 tests of controls.
- Execute quarterly and annual management assistance and External Audit support requests and testing requirements.
- Provide technical support to end users of the SOX 404 Application (Workiva).
Perform Vulnerability, Infrastructure & Application Security Audits
- Effectively execute assigned procedures to perform external vulnerability and internal infrastructure/application security assurance reviews leveraging IT audit experience and technical knowledge gained via CISA and/or CRISC certifications.
- Document results of audit procedures in the form of audit working papers which comply with IIA standards.
- Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to ensure delivery of Audits in the Annual Plan.
- Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
- Summarize the results of assigned audit procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership.
Provide Integrated IT Support for Financial & Operational Assurance
- Effectively execute assigned audit procedures to evaluate and conclude upon the design and operating effectiveness of operating system/database security, user security, segregation of duties, interface security/error monitoring, systems change management, completeness/accuracy of data transmission, and IT risk posture of 3rd party service providers.
- Document results of audit procedures in the form of audit working papers which comply with IIA standards.
- Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
- Summarize the results of assigned audit procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership.
- Assist Audit Managers and Directors with performing value-added data analytics utilizing Tableau and configuring continuous monitoring rules leveraging SAP GRC Process Control as requested.
Leadership Competencies:
Business Acumen – Leverages business judgment to shape audit approach, based on understanding of operational, commercial, financial, and organizational requirements and capabilities. Understands the Hershey business units, regions and functions, and the manufacturing, commercialization and market access of its products and services.
Drive for Results – Pushes self to exceed goals and achieve breakthrough results. Recognizes the key actions necessary to achieve results, adheres to established priorities, and maintains focus on achieving established goals. Demonstrates persistence in removing barriers to achieving results and encourages others to do the same.
Prioritization and Judgment – Prioritizes and focuses on the right ideas, opportunities, issues, and projects. Develops decision criteria and considers benefits, costs, and risks of each decision and its immediate and long-range implications. Makes timely, sound judgments in uncertain and changing situations.
Influential Leadership – Persuades others, within and outside of Hershey, without direct authority or formalized structure. Understands others' needs, motivations, concerns, and positions. Establishes credibility with stakeholders and confidently influences their opinions and actions. Inspires others to adopt common vision, achieve organizational change, and accomplish business strategies.
Partnership – Develops and maintains quality, long-term relationships and partnerships based on trust, transparency, communication, and credibility with key internal and external stakeholders to accomplish project objectives. Works to find common ground and mutually beneficial solutions to conflicts. Uses diplomacy and tact to defuse high-tension situations.
Global Mindset – Thinks from a global perspective and understands market, regulatory, political, economic, and cultural differences across countries and regions and their interdependencies. Understands how stakeholders and teams work and communicate in other countries and regions and how to adapt behavior and strategy to ensure alignment with market and cultural differences.
Self-Development and Professional Growth – Understands performance standards and continuously raises the bar. Performs at their highest potential and achieves breakthrough results, accountable for own actions, and drives individual contributions and achievements.
Customer Focus – Supports a culture that strives to exceed customer needs and is creatively challenged by and responsive to customer experiences. Understands what successfully meeting customer needs looks like. Gives priority to customer needs and makes adjustments on methods and approaches based on continuously reevaluating how well customer needs are being met.
Minimum Education and Experience Requirements
Education: Bachelor's Degree in Accountancy, Information Security, Management Information Systems, or other related field required
Experience: Experience in IT general controls, application controls and/or other assurance services
- Minimum of 3 years direct experience in IT Audit, specifically Cybersecurity
- Minimum of 1-2 years' experience in IT Audit
- Must have experience in ITGC (IT General Controls – change management controls, access security/security management or IT operations), Application Controls
- Must have strong verbal and written English Communication skills with a structured manner of thinking/communication
- Must have strong executive presence and capability to lead presentations with C-Suite level stakeholders across different regions. Possesses the confidence to establish their authority/credibility with cross-cultural and cross-functional teams across the globe
- Must be willing to travel at least 3-4x annually for onsite audit projects
- Must be willing to travel at least 2x annually for onsite audit projects
- Experience in COBIT or NIST framework and Data Analytics is preferred but not required
- Experience in Sarbanes Oxley/SOX Compliance (IT) is preferred but not required
- Experience in SOC 1 reviews/audits, Pre or Post-implementation Reviews, Vulnerability Assessment, Penetration Testing is preferred but not required
- CPA (Certified Public Accountant) or CISA (Certified Information Systems Auditor) is preferred but not required
- Membership in ISACA or IIA is preferred but not required