IT Audit Principal
Epicor · Austin, TX · 1 wk ago
AccountingFull-time
What You'll Be Doing
- Lead the evaluation and ongoing monitoring of ITGCs to ensure adequate design, operating effectiveness, efficiency, and compliance with SOX requirements and regulatory expectations.
- Assess cybersecurity controls that intersect with ITGC domains, including identity and access management, privileged access, logging/monitoring, vulnerability management, and incident response.
- Drive evaluation of broader cybersecurity programs (e.g., NIST, ISO 27001) as dictated by our audit plan and underlying business objectives.
- Provide thought leadership and partnered advisory in the planning, scoping, and execution of IT SOX testing activities, including risk assessments and control rationalization.
- Evaluate System Development Life Cycle (SDLC) controls to ensure secure system implementation practices, including secure coding, change management, and vulnerability remediation.
- Partner with cybersecurity teams to assess risks related to cloud environments, infrastructure, and applications, ensuring appropriate controls are designed and operating effectively.
- Act as a liaison to external auditors for ITGC and cybersecurity-related audits, ensuring alignment and timely communication of findings.
- Lead root cause analysis and provide recommendations for control deficiencies, including those related to cybersecurity incidents and/or control gaps.
- Provide independent and objective advisory to IT and business stakeholders on control design, risk mitigation, and cybersecurity best practices.
- Develop, review, and maintain IT control documentation, including process flows, narratives, and control matrices, ensuring alignment with both SOX and cybersecurity requirements.
- Oversee and enhance the quarterly SOX certification process, incorporating cybersecurity risk considerations where applicable.
- Monitor emerging cybersecurity threats, regulatory changes, and industry trends, and assess their impact on the organization’s control environment.
- Enable continuous improvement initiatives across IT Audit and cybersecurity programs, including automation and deployment of new technologies.
- Build and leverage AI solutions and workflows to enable capacity or unlock capability for an Internal Audit function.
What You'll Likely Bring
- 8+ years of progressive experience in IT audit, IT compliance, SOX, and/or cybersecurity risk management (public accounting and/or industry).
- Big 4 is a plus.
- Specialized experience in the Software industry.
- Bachelor’s degree in Information Systems, Cybersecurity, Accounting, Finance, or related field.
- Relevant certifications such as CISA, CISSP, CISM, CRISC, CIA, or CPA (or equivalent).