Our Purpose
We work to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. We cultivate a culture of inclusion for all employees that respects their individual strengths, views, and experiences. We believe that our differences enable us to be a better team – one that makes better decisions, drives innovation and delivers better business results.
Title And Summary
IT SOX Audit, Senior Analyst
Overview
The Senior Analyst, IT SOX Audit will support our SOX Compliance program within the Finance Organization and will report into the Manager, Risk Management. This position will primarily focus on scoping and evaluation of general and application IT controls. The Senior Analyst will be responsible for managing and executing various aspects of the program including IT scoping, delivery of the program, and reporting of results. The Senior Analyst will work closely with our shared services center, business owners, worldwide IT departments, Technology Controls team, internal and external auditors, and regional controllers.
Requirements for this position include extensive knowledge of IT general and application controls, strong understanding of IT control frameworks (e.g., COBIT, NIST Cybersecurity, NIST SP 800-53, CIS/SANS Top 20), familiarity with SEC/PCAOB regulations, COSO and US GAAP, as well as the demonstrated ability to monitor an effective global risk-based IT control environment.
- Are you looking to join a fast-paced, collaborative environment supporting a world class growing organization?
- Do you have the ability to think strategically and execute a complex project?
- Do you have a risk-based mindset?
- Are you IT savvy?
- Do you have the ability to drive change and improve awareness across the organization?
Role
- Support the execution of various SOX program components, including IT scoping, IT risk assessment, training of stakeholders on IT control-related best practices, IT control testing and review, remediation recommendations, deficiency evaluations and reporting
- Assess and determine design effectiveness of IT controls
- Assist with the formalization of SOX processes as part of SOX readiness efforts, as needed
- Experience covering multiple technology environments such as Mainframe, UNIX/Linux, and Windows environments
- Work with business owners to address any potential control gaps that may require remediation
- Partner with various business owners and IT teams including technology compliance, operations, development, and application support to provide expertise in assessing the design and effectiveness of IT controls
- Evaluate IPE (information produced by entity) for completeness and accuracy
- Review third-party vendor attestation and audit reports, and provide feedback to business leaders and risk owners
- Liaise with regional financial and IT stakeholders as well as internal and external auditors
- Ensure the delivery of high quality, timely work products
- Continuously identify efficiencies in the SOX program and opportunities for optimization of the financial and operational processes and controls through interaction and partnership with management
- Exhibit strong project management skills with the ability to work independently and hold self and others accountable to deadlines
- Demonstrate the ability to exercise judgment and display a high standard of ethics and professionalism
- Demonstrate exceptional communications skills, both written and verbal, with the ability to understand complexities of the business
All About You
- CPA, CISA or equivalent certification required
- Has a strong understanding of IT control concepts and framework such as COBIT, NIST Cybersecurity, NIST SP 800-53, CIS/SANS Top 20, Sarbanes Oxley, COSO, and leading business practices
- Recent experience providing IT auditing or IT advisory-type services
- Knowledge of best practices around IT controls
- Working knowledge of current PCAOB Auditing and Accounting Standards
- Experience with the IT external audit or risk advisory services or an in-house Technology Risk Management (first/second line of defense) or equivalent experience in a large, regulated organization with exposure to both infrastructure and applications
- Knowledge of common enterprise and web application technologies
- Familiarity with audit automation preferred
- Proven ability to manage complex engagements or programs
- Excellent oral and written communication skills and interpersonal skills with emphasis on building strong, longer-term relationships worldwide across varying geographies and functions
- Detail oriented, self-motivated with the ability to meet project deadlines and deliverables in a fast-paced environment
- Experience in risk management field (e.g., risk management, audit, compliance) desired
- Effective ability to influence, drive change and resolve conflicts
- Strong analytic, logical reasoning and problem solving skills
- Strong project management skills to lead and prioritize multiple projects
- Demonstrated ability to drive change and continuous improvement
- Some travel may be required in the future, up to 10%
Mastercard is an inclusive equal opportunity employer that considers applicants without regard to gender, gender identity, sexual orientation, race, ethnicity, disabled or veteran status, or any other characteristic protected by law. In the US or Canada, if you require accommodations or assistance to complete the online application process or during the recruitment process, please contact reasonable_accommodation@mastercard.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly.
Corporate Security Responsibility
All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:
- Abide by Mastercard’s security policies and practices;
- Ensure the confidentiality and integrity of the information being accessed;
- Report any suspected information security violation or breach, and
- Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.
In line with Mastercard’s total compensation philosophy and assuming that the job will be performed in the US, the successful candidate will be offered a competitive base salary based on location, experience and other qualifications for the role and may be eligible for an annual bonus or commissions depending on the role. Mastercard benefits for full time (and certain part time) employees generally include: insurance (including medical, prescription drug, dental, vision, disability, life insurance), flexible spending account and health savings account, paid leaves (including 16 weeks new parent leave, up to 20 paid days bereavement leave), 10 annual paid sick days, 10 or more annual paid vacation days based on level, 5 personal days, 10 annual paid U.S. observed holidays, 401k with a best-in-class company match, deferred compensation for eligible roles, fitness reimbursement or on-site fitness facilities, eligibility for tuition reimbursement, gender-inclusive benefits and many more.
Pay Ranges
O'Fallon, Missouri: $82,000 - $127,000 USD
R-231211