Information technology auditor job description

Ferguson is North America's leading value-added distributor across residential, non-residential, new construction and repair, maintenance, and improvement (RMI) end markets. Spanning 34,000 suppliers and more than one million customers, we deliver local expertise, value-added solutions, and the industry's most extensive portfolio of products. From infrastructure, plumbing, and appliances, to HVAC, fire protection, fabrication, and more, we make our customers' complex projects simple, successful, and sustainable.
Ferguson has an exciting role open as an IT Auditor on our integrated Internal Audit team!

Please note: This position is 100% remote. Candidates may live anywhere in the continental United States. There are some occasional in person meetings out of Ferguson's corporate offices in Newport News, VA. The ability and willingness to travel at times required.

Responsibilities:
Maintains the annual IT General Controls (ITGC) testing program and ensures schedule is communicated across Ferguson PLC.Responsible for the ITGC reporting process that includes the results of testing activities, failures and remediation activities and supports the Head of Internal Audit with quarterly reporting to the Audit Committee.Participates in IT audits including assessment of ITGC, information security, cybersecurity and system implementation project planning and implementation protocol.Creates, reviews, and understands audit program planning including analysis of the relevant technologies and associated risk, review of prior audit report(s), and review of internal operational reports to understand relevant business risks.Participates in the opening, status, exit, and closing meetings.Carries out audit test programs and document work in detailed, high-quality work papers.Holds meetings with company personnel to understand the processes and gather evidence.Assists in drafting audit findings and recommendations.Assists the senior auditor/audit manager with drafting the audit report.Updates test results within audit software or other repositories.Assists with special projects and acquisition integration projects as assigned.Attend in-person trainings/team meetings on a quarterly basis.

Qualifications:
Bachelor's Degree (Information Management, MIS, Computer Science, Finance, Accounting or related combinations or degrees with business and technical mix).1-3 years of relevant work experience with public accounting firm, consulting firm, or internal audit desirable.Combination of professional certifications (CISA, CPA, or CIA preferred) and/or graduate degree in Business or Computer Science preferred.Solid understanding of IT risk and general information security concepts and technology infrastructure.Understanding of core IT general control processes (e.g., Information Security, Change Management, Agile System Development Lifecycle, IT Operations etc.).Understanding of Sarbanes Oxley (SOX).Understanding of Business Process controls is a plus.Knowledge of technical platforms, networks, security concepts, and data retrieval techniques.Proficiency in Microsoft Office: Excel, PowerBI, Visio, Word, PowerPoint, and Outlook.Dedication to ethical behavior and the ability to maintain objectivity.

Ferguson is dedicated to providing meaningful benefits programs and products to our associates and their families-geared toward benefits, wellness, financial protection, and retirement savings. Ferguson offers a competitive benefits package that includes medical, dental, vision, retirement savings with company match, paid leave (vacation, sick, personal, holiday, and parental), employee assistance programs, associate discounts, community involvement opportunities, and much more!

#LI-Remote
-
The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability.

Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Equal Employment Opportunity and Reasonable Accommodation Information

At AT&T we're redefining the future of connectivity. At our core is a passion to serve our customers with products and services that create connections, improve lives and allow millions to share the stories and experiences that matter. Our Corporate teams are fueled by innovation and a desire to connect the world in meaningful ways. Join our team and bring your bold ideas, supporting and transforming our business across areas like marketing, finance and more.

Overall Purpose: Responsible for performing risk assurance and advisory engagements to analyze and assess the company's technological infrastructure to identify, report, recommend and validate audit corrective actions that enable processes and systems to run accurately and efficiently, while remaining secure and meeting compliance regulations.

Key Roles and Responsibilities: Performs technology risk assessments, identifies related technical and technology-dependent controls, defines assessment criteria, develops and executes technical test plans, identifies and reports deficiencies and recommendations, and performs follow-up on corrective actions, consistent with applicable professional standards required by the Audit Services Charter approved by the Board's Audit Committee. Has advanced knowledge of IT governance and security frameworks (e.g., ITIL, NIST) and control frameworks (COBIT, COSO) and methodologies and may be a specialist in specific technology platforms or domains including operating systems, databases, information security, public/private cloud, code development methodologies, technology governance, etc. Utilizes a data-first audit approach, technology audit tools, and Computer Assisted Auditing Techniques (CAAT) to perform advanced analysis of company technology environments. Identifies opportunities for data-driven technology risk insights, continuous auditing, and robotic process automation. Develops findings and recommendations for incorporation into an audit report and presents results to Senior Management. Work product may be shared directly with the Audit Committee of the Board of Directors. May work in a limited role as an extension of the company's independent auditors and/or on highly sensitive independent projects. May participate in audits in high-risk areas such as joint ventures, partnerships and subsidiaries.

Job Contribution: Exercises judgment within broadly defined practices and policies in selecting methods, techniques and evaluation criterion for obtaining results for technology-based risks. Operates primarily with a team as an individual contributor but may operate independently on an assignment basis. Project execution is critical to meet risk coverage and project commitments approved by the Audit Committee of the Board of Directors. Provides guidance to less experienced and non-technical team members.

Education: Typically a bachelors degree with information systems focus or equivalent combination of education and experience. CISA, CISM, CRISC, CISSP or other technology audit or advisory-related certifications preferred.
Experience: Typically requires 5-7 years of relevant experience

Supervisory: No

**Currently hiring in the Atlanta, Dallas, San Antonio and St Louis areas for a hybrid office role.**

Our Lead IT Auditors earn between $106,100 & $159,100, not to mention all of the other amazing rewards that working at AT&T offers. From health insurance to tuition reimbursement and paid time off to discounts on products and services just to name a few. There is a lot to be excited about around here.

A career with us, a global leader in communications and technology, comes with big rewards. As part of our team, you'll lead transformation surrounded by trailblazing industry leaders like you. You'll be empowered to go above and beyond - making a difference through company-sponsored initiatives or connecting and networking through one of our many employee groups. And regardless of where you're at in your career trajectory, you'll be rewarded by the impact that comes with making a difference in the lives of millions. With AT&T, you'll be a part of something greater, do incredible things and be rewarded with a chance to change the world.

Ready to join our team? Apply today!

AT&T will consider for employment qualified applicants in a manner consistent with the requirements of federal, state and local laws

We expect employees to be honest, trustworthy, and operate with integrity. Discrimination and all unlawful harassment (including sexual harassment) in employment is not tolerated. We encourage success based on our individual merits and abilities without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, disability, marital status, citizenship status, military status, protected veteran status or employment status

Every day, Global Payments makes it possible for millions of people to move money between buyers and sellers using our payments solutions for credit, debit, prepaid and merchant services. Our worldwide team helps over 3 million companies, more than 1,300 financial institutions and over 600 million cardholders grow with confidence and achieve amazing results. We are driven by our passion for success and we are proud to deliver best-in-class payment technology and software solutions. Join our dynamic team and make your mark on the payments technology landscape of tomorrow.
PURPOSE:

This new position provides an opportunity for a motivated technology and information security audit professional to make a strong contribution to Global Payments' growing Internal Audit team, and more specifically, within Internal Audit's advanced technology risk audit team.

As a Fortune 500 payments technology company, Global Payment's management recognizes the importance of managing and responding to risk. Internal Audit is an integral and valued component to Global Payments' risk management environment and works closely with management to deliver value-added and challenging audit projects in the area of information technology, information security, business operations, finance & accounting, and compliance using progressive audit procedures. Our philosophy is to evaluate complex business processes utilizing a risk-based approach, and to provide the greatest value to our internal clients. We strive to apply tailored and progressive audit procedures and to avoid standard check the box auditing. The department is consistently recognized for its contributions to organizational improvements due to its diverse, energetic and collaborative approach when working with management.

This role will deliver a diverse array of information technology and information security audits that include in-depth analysis and understanding of supporting business processes. This position will have the opportunity to evaluate numerous technology platforms and apply process, technology and security risk considerations. Specifically, the role will have the opportunity to evaluate technology risks and controls within major cloud technology provider environments (e.g, Amazon AWS, Google GCP, and Microsoft Azure) as the company continues cloud technology strategic initiatives. The candidate should have experience with a wide array of technology processes, such as infrastructure design and management, information security operations, service management, software development lifecycle, disaster recovery planning, etc. This position provides the opportunity for future career advancement as well as exposure to senior leadership and organizational divisions across the globe.

The Internal Audit team focuses heavily on risk-based audits that help management identify and reduce organizational risk. These projects vary each year and provide a high degree of challenge and diversity. The team also performs internal advisory projects and supports compliance audit responsibilities.

Familiarity with the payment processing industry and common technology control frameworks, including COBIT, NIST Cybersecurity, ISO 27000 series, PCI-DSS, and FFIEC IT Handbook is also preferred.
ESSENTIAL RESPONSIBILITIES:

Conduct risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation, with direction from senior team members.Strong focus on information technology and information security controls in executing integrated, risk-based audits to evaluate the design and effectiveness of internal controls. The auditor will also focus on the integration of IT and business process risk considerations within the audit process.Familiarity and understanding of technology control application in on-premise environments vs. increased automation of controls within cloud service provider (CSP) environments.Detailed understanding of IT managed processes, including technology architecture, system build and provisioning, configuration management, performance monitoring, incident management, change management, user access management, disaster recovery, etc.Evaluate key information security risks including confidentiality, integrity and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.Evaluate root cause factors for audit testing exceptions and recommend practical solutions that reduce risk and strengthen business processes and controls.Ensure audit testing work papers are documented in a consistent and high quality manner while executing project tasks in adherence to established timelines.Build and develop Internal Audit's brand within the company through meaningful relationship building. Enable continuous improvement of the Internal Audit department by identifying and communicating enhancement opportunities to department leadership.Support the development of other team members within the Internal Audit department.
KNOWLEDGE, SKILLS & ABILITIES:
Audit and/or consulting experience in most of these areas:
Information and data security for payment card data and publicly-identifiable information Technology control application within cloud environments and usage of automated processes and cloud architectures such as CI/CD deployment pipelines, infrastructure-as-code, containerization, etc.Application security, including segregation of duties and least privileged access Technology infrastructure security, including mainframe, UNIX/LINUX, Windows, SQL Server and Oracle database Integration of business process controls with supporting technologies. Business process workflow documentation, including identification of key risks and the corresponding business and technology controls Systems development, project management and change management IT infrastructure design, management and operations Business continuity and disaster recovery
Ability to work in a complex and evolving environment.Demonstrate strong project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.Tailor project approaches based on areas of key risks. Critically evaluate audit procedures to maximize the value of each audit project. Strong communication and presentation skills with an ability to tailor communications to different audiences.Pursue work with enthusiasm, energy, drive and team collaboration.Establish and build effective relationships.Collaborate with management and senior leadership to improve internal controls and processes.Assist and provide guidance to the Internal Audit staff, when needed; train staff during fieldwork.Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.
REQUIRED QUALIFICATIONS:
+ years of relevant audit and risk management experience.Knowledge of auditing principles and practices, and the analysis and reporting of audit information.Bachelor's degree in Auditing, Business Management or Information Technology.Merchant Acquiring / Payment Processing, Card Issuance, and Private-label Consumer Solutions industry experience preferred.Experience with internal control frameworks, including COBIT, FFIEC, PCI DSS, Sarbanes-Oxley, ISO27001, and ITILCIA, CISA, CISM, CISSP or other relevant certifications are preferred.Big Four audit or risk advisory experience preferred10-15% travel requirement, including some international travel

Global Payments Inc. is an equal opportunity employer.
Global Payments provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex (including pregnancy), national origin, ancestry, age, marital status, sexual orientation, gender identity or expression, disability, veteran status, genetic information or any other basis protected by law. Those applicants requiring reasonable accommodation to the application and/or interview process should notify a representative of the Human Resources Department.