Sr. Auditor, IT Internal Audit
About the role
This role will broadly support the CarMax Audit Services team through the development and execution of the department’s audit plan. This is a unique opportunity to build a strong understanding of CarMax’s business processes and technology, as well as partner with teams throughout the organization in both an audit and advisory role.
Responsibilities
- Provide assurance: Perform and lead audits and reviews of various regulatory, operational and/or technological processes and controls, including integrated audits and the annual SOX IT audit.
- Collaborate as a trusted Risk Advisor: Consult with a risk-based mindset to provide guidance and assurance in pre-implementation reviews, company initiatives, and other process and system enhancements as requested by the business; ensure controls are implemented to mitigate risks (operational, regulatory, reputational, strategic, and financial risk)
- Lead and execute fieldwork to prepare high-quality workpapers summarizing procedures performed.
- Maintain strong business relationships and coordinate cross-functionality to align on risk, scope of work and results.
- Promote innovative and forward-looking problem solving to target root cause; provide recommendations contributing to operational excellence.
- Leverage your creativity to organize and present key project information through a variety of communication methods and tools, focusing on high-impact, high-value deliverables.
- Foster an environment of continuous improvement by:
- Championing a culture of risk awareness and internal controls.
- Staying abreast of key changes, trends, and best practices within CarMax, the audit profession, the technology industry, and relevant regulatory environment.
- Helping lead department initiatives to identify efficiencies and improvements in work execution and internal processes.
Requirements
- You are genuinely inquisitive. You want to understand key components of a process and you leverage the right questions and tools to absorb and analyze facts, identify problems, and recommend improvements.
- You’re organized. You have a knack for planning and execution – from the initial identification of objectives to structuring a work plan for execution. This sets you up for success when managing multiple projects concurrently to meet deadlines and deliver on customer commitments.
- You communicate clearly and effectively – both in written and verbal scenarios. Not only does this help you effectively convey your message in various settings, but it also helps showcase your subject matter expertise and drive consensus in decision-making.
- You also model and encourage teamwork, inclusion, and diverse viewpoints. These leadership traits allow you to motivate and persuade others (including associates in Audit Services and business partners across the organization), even without authority.
Qualifications and Requirements
- Bachelor’s degree, preferably in Computer Science, Accounting Information Systems, Accounting/Finance, or other related business field
- 4+ years of information systems auditing experience or other relevant work experience in an IT internal audit or other IT risk/compliance/consulting function
- Detailed knowledge and testing experience with IT general controls (“ITGCs”) across all layers of technology to include the application, operating system, and database
- Understanding of traditional and emerging technology domains, including cybersecurity, cloud, artificial intelligence, infrastructure, networking, data warehouses, integration strategies, IT operations, IT risk management, and IT governance
- Technical skills and capabilities to support audits of complex technology areas and a desire to learn and develop knowledge of CarMax’s technology suite, tools etc. (e.g. ERPs, custom applications, security and coding tools, SQL scripting, database structure design, robotic process automation)
- Prior experience: Performing risk assessments, scoping activities, test planning, and walkthroughs in support of IT audit projects
- Assessing the design and operating effectiveness of technology controls, including testing complex ITGCs across a variety of technologies/systems
- Testing completeness and accuracy of reports and integrations
- Evaluating processes to identify controls and the associated system dependencies
- Performing system development and implementation reviews, including experience with Agile methodologies
Skills and experience preferred
- SOX 404
- Experience with tools and technologies to facilitate fieldwork and data analysis (SQL, Alteryx, Python, etc.)
- Use of robotic process automation (RPA) and artificial intelligence (AI) to enhance audit efficiency, improve risk detection, and deliver actionable insights
- Retail industry and/or financial services knowledge; preferably within a publicly held company
- Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC)
About CarMax
CarMax disrupted the auto industry by delivering the honest, transparent and high-integrity experience customers want and deserve. This innovative thinking around the way cars are bought and sold has helped us become the nation’s largest retailer of used cars, with over 200 locations nationwide.
Our amazing team of more than 25,000 associates work together to deliver iconic customer experiences. Along the way, we help every associate grow their career and achieve their best, at work and in their community. We are recognized for our commitment to training and diversity and are one of the FORTUNE 100 Best Companies to Work For®.
CarMax is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.