Sr IT Audit Analyst
Work Setup: Hybrid
Location: Makati City
Sr. IT Audit Analyst – 1A
Role Summary:
The Sr. IT Audit Analyst will support the following:
- SOX 404 Compliance – Facilitate business units and key functions’ compliance with established internal controls over financial reporting through effective execution of assigned SOX 404 tests of controls, supervision of internal audit team members and third-party contractors, and proper coordination with management and external auditors.
- Perform Systems Implementation Readiness Assessments – Serve as in-charge auditor or as key audit team member and perform assigned procedures to evaluate go-live readiness for each key module of Hershey’s ERP implementation (and subsequent Tier 1/2/3 systems implementations).
- Execute Global Internal Audit Engagements – Serve as in-charge auditor or as key audit team member for IT/cybersecurity audits performed globally. Lead or participate in multiple, concurrent audit projects as assigned. Ensure work quality in alignment with IIA standards. Effectively communicate audit findings to Audit Leadership, Auditees, and Senior Management.
- Participate in special projects as assigned – Special projects may include infrastructure & application security audits, vulnerability assessments, third party risk assessments, data analytics, GRC process control automations and other management requests.
Major Duties and Responsibilities:
Perform Real-Time Systems Implementation Readiness Assessments:
- Effectively perform assigned procedures to evaluate go-live readiness for each key module of Hershey’s ERP implementation (and subsequent Tier 1/2/3 systems implementations) leveraging working knowledge of SAP solutions and industry-recognized Project Management Body of Knowledge (PMBOK) and Systems Development Life Cycle (SDLC) standards.
- Effectively communicate with Hershey IT and Business personnel to articulate the objectives of audit assessments, obtain required process understandings/documentation, align on identified risks/impact, and positively influence risk remediation via proposed recommendations.
- Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to enable delivery of readiness assessments included within the Audit Plan.
- Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
- Summarize the results of assigned go-live readiness assessment procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership utilized to inform go-live decisions.
Support SOX 404 Compliance:
- Facilitate compliance throughout assigned key business units and functions with standards of internal control over financial reporting promulgated by the Sarbanes-Oxley Act of 2002 through effectively executing assigned SOX 404 tests of controls.
- Evaluate and identify opportunities to automate attribute/substantive/controls testing capabilities to achieve increased audit coverage and efficiency.
- Execute quarterly and annual management assistance and External Audit support requests and testing requirements.
- Provide technical support to end users of the SOX 404 Application (Workiva).
Perform Vulnerability, Infrastructure & Application Security Audits:
- Participate in Internal Audit’s IT risk assessment to identify high-risk cybersecurity and internal infrastructure/application vulnerabilities which should be incorporated in Audit’s Annual Audit Plan leveraging basic working knowledge of industry-recognized NIST, COBIT, or COSO frameworks and awareness of emerging global IT risk trends.
- Effectively execute assigned procedures to perform external vulnerability and internal infrastructure/application security assurance reviews leveraging IT audit experience and technical knowledge gained via CISA and/or CRISC certifications.
- Document results of audit procedures in the form of audit working papers which comply with IIA standards.
- Update Internal Audit project plans to reflect progress with respect to completion of assigned tasks, resource/timing constraints, and interdependencies to ensure delivery of Audits in the Annual Plan.
- Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
- Summarize the results of assigned audit procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership.
Provide Integrated IT Support for Financial & Operational Assurance:
- Effectively execute assigned audit procedures to evaluate and conclude upon the design and operating effectiveness of operating system/database security, user security, segregation of duties, interface security/error monitoring, systems change management, completeness/accuracy of data transmission, and IT risk posture of 3rd party service providers.
- Document results of audit procedures in the form of audit working papers which comply with IIA standards.
- Effectively identify risks to financial reporting reliability, business disruption, governance, IT security and compliance through the performance of assigned procedures and coordinate with the business to draft recommendations which effectively remediate identified risks.
- Summarize the results of assigned audit procedures in a manner which clearly articulates key identified risks/recommended action items for inclusion in executive-level reporting to Senior Leadership.
- Assist Audit Managers and Directors with performing value added data analytics utilizing Tableau and configuring continuous monitoring rules leveraging SAP GRC Process Control as requested.
Minimum knowledge, skills and abilities required to successfully perform major duties/responsibilities:
Knowledge:
- BS/BA degree in Accountancy, Computer Science, Management Information Systems, Information Security, Information Sciences or Technology required.
- Knowledge in IT General Controls and Application Controls.
- Experience in IT/cybersecurity audits, system implementation reviews, and/or SOX 404 testing and reporting.
- Proficient working knowledge and experience leveraging COBIT, COSO, and other relevant standards required.
- Experience in SAP, NetSuite and other ERP applications is a plus.
Soft Skills:
- Must be highly principled and of the highest moral and ethical standards.
- Well disciplined, free of bias, able to plan and take action independently, and at the same time maintain good rapport and working relationships with company management at all levels.
- Solid critical thinking and issue resolution skills.
- Exhibits executive presence and garners the respect of superiors, colleagues, and subordinates.
- Proficiency with written and oral communications skills.
- Must be able to travel internationally for audit fieldwork up to 10%.
- Amenable to flexible work schedule.
Competencies:
Team Approach:
Initiates open dialogue across the organization; forms alliances and coalitions across functional areas; recognizes the interdependence of team members throughout the organization.
Learning:
Learns from personal successes and failures and those of others and applies learning to new situations; learns quickly when facing new problems; versatile and experiments to try to find solutions; open to change; enjoys the challenge of an unfamiliar task.
Listening and Interpersonal Skills:
Practices attentive and active listening and has the patience to hear people out; can accurately restate the views of others even when he/she personally disagrees; relates well to all kinds of people, up, down, and across the internal organization and externally; builds rapport quickly; develops constructive and effective relationships; uses diplomacy and tact; can defuse high-tension situations comfortably.
Education/Experience:
Education: BS/BA degree in Accountancy, Computer Science, Management Information Systems, Information Security, Information Sciences or Technology required.
Experience:
- At least 5 years total work experience in SOX 404 Compliance.
- At least 1 year Team Management experience
- Must have knowledge of IT General Controls and Application Controls Testing
- Must exhibit executive presence and garner the respect of superiors, colleagues, and subordinates
- Must be able to travel internationally for audit fieldwork up to 10%.
- Must be highly principled and of the highest moral and ethical standards.
- Must be well disciplined, free of bias, able to plan and take action independently, and at the same time maintain good rapport and working relationships with company management at all levels.
- Must have solid critical thinking and issue resolution skills.
- Must be amenable to flexible schedule
- English Communication Skill – Written and Verbal
- Detail Oriented/excellent investigative skills
- Competitive candidate
- Good people management skills