Overview
Intuit’s Finance team drives business growth and profitability through strategic, financial and operational leadership. Come join the Finance team as a Technology Audit Manager with the Internal Audit team. Internal Audit supports the achievement of Intuit’s goals through trusted partnerships, objective risk identification, and innovative audit services.
What you'll bring
- 10+ years of progressive internal audit experience in either Big 4 public accounting, and/or in industry, including at least 3-5 years of supervisory responsibility
- Bachelor’s or Master’s degree in a relevant discipline (e.g. Computer Science) or equivalent work experience
- CISA, CISM and/or CISSP certifications preferred
- Demonstrated knowledge of technology risks, including direct experience evaluating the effectiveness of cybersecurity, privacy and engineering controls
- Working knowledge of information technology best practices and control frameworks such as NIST CSF, ISO27001 and COBIT
- Demonstrated influencing skills including the ability to explain complex topics in simple terms and inspire transformational improvement in internal controls
- Excellent written & verbal communication and presentation skills
How you will lead
As a member of Intuit’s Internal Audit team, collaborate with colleagues and stakeholders to deliver operational, compliance and integrated audits with special emphasis on system implementations, cybersecurity and privacy. You are a driven manager who is looking to put their auditing experience and technical expertise to deliver on the Internal Audit Plan.
As an individual contributor manager (managing 3rd party resources in a co-sourced model) you will conduct technology focused audits, including integrated audits. You will work with the Engineering, IT, Security and Privacy functions of this fast-paced, rapidly changing business, and directly with key stakeholders to drive assurance and advisory audits. You are excellent at communicating vertically and horizontally across the company and will be comfortable working cross-functionally and providing technical guidance to other teams within internal audit.
Core Responsibilities Include
- Manage and direct the work streams related to IT SOX compliance and application controls.
- Provide technical support in the assessment, design and implementation of ITGC requirements.
- Review new systems architecture and determine SOX scoping for ITGCC and IT application controls.
- Review control evidence for adherence to accuracy, completeness and precision of control execution for all ITGC.
- Review test findings, facilitate the remediation of ITGC control gaps, and escalate possible critical issues to senior management within IT.
- Guide the planning, scoping and execution of audits primarily in areas associated with technology and technology-related risks (e.g. cybersecurity, privacy, and business resilience) including reviews of new and enhanced products and supporting systems, process changes and system implementations.
- Work with Security and Privacy teams to understand the information security and privacy risk profile and use this knowledge for audit planning and execution.
- Partner with security and engineering teams to lead and manage and contribute to the technology audits
- Design, lead and execute audit programs, including security and privacy audits, operational process reviews, system implementation reviews, application and other IT-related risk areas. Create and lead ad-hoc analyses of financial and IT data.
- Work cross-functionally on technology implementation projects to provide IT controls expertise and test controls to meet information security and privacy requirements. Understand applicable laws and regulations to provide a point of view on audit requirements related to information security and privacy controls.
- Work with management and users to interpret the significance of audit findings, conclude on findings, make practical recommendations, and verify that remediation plans are implemented.
- Lead the report drafting process including framing of audit observations within the relevant business context, formulation of practical recommendations that balance stakeholder needs, and development of useful insights for management.
- Demonstrate strong technical skills and understanding of key security, privacy, agile engineering practices.