CDK is amid a significant transformation, and we are looking to hire someone who can be part of this exciting journey. As a member of the Internal Audit organization, this position will act as the liaison for the IT and Product & Technology security and compliance organizations. IT Audit provides independent and objective control assurance and advisory services with a goal of adding value to CDK's IT organization. The IT Audit team assists IT in accomplishing their objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of IT governance, risk management, and internal control. The ideal candidate will have a strong working knowledge of IT and IT auditing with at least 4 years of progressive experience in a "Big Four" or other consulting/professional services environment and at least 8 years of overall experience.
The IT Audit Risk and Compliance Manager will:
Manage IT SOX compliance testing and coordination with control owners and external auditors
Provide oversight and coordination over SOC 1 & 2 risk assessment and control activities with control owners, Product and IT management, external auditors and customers
End-to-end development, execution and conclusion of information technology, information security, technology product and related audits
Prepare formal written reports expressing conclusions, review results with management and perform ongoing reporting of remediation efforts
Recommend improvements to systems, procedures and processes to minimize risks, improve efficiency, or generate cost savings
Perform validation of exceptions including quantifying risks, investigating root causes, and working with owners to establish action plans
Maintain an adaptive, yet agile approach based on the in-scope entity's technical architecture and use of specific technology platforms or configurations.
Ability to apply data analytics across the IT environment for advanced audit planning and continuous audit concepts
Responsibilities:
Annual audit plan and Stakeholder Engagement
Assist in executing and managing risk-based audit plan based on audit methodology
Develop business partnerships with IT, Product, Privacy, Security and other key management and stakeholders to facilitate discussions for risk assessments and audit planning
Participate in and lead cross-functional IT, Security, Privacy, and Product discussions and stakeholder management
Maintain relationships with external auditors regarding IT SOX and SOC engagements
Evaluate significant corporate initiatives, implementations, etc. to ensure appropriate risks and controls have been considered
Provide inputs to the CAE on the plan each quarter to ensure adequacy of coverage and incorporate emerging risk areas as part of quarterly rolling audit plan
Management of IT Compliance Testing (SOX and SOC)
Collaborate with other IT and Product risk assurance functions as it relates to proactive identification and management of risks and opportunities
Build trust and maintain positive relationships with internal partners, cross-functional teams, and external auditors.
Identifies and shares improvement opportunities with control owners on testing and documentation in performance of the controls
Escalates, researches, and assesses deficiencies identified and works with management to identify an appropriate solution. Evaluate remediation activities and perform retesting to verify appropriate resolution
Identifies opportunities for enhancements in overall SOX and SOC program efficiency and effectiveness for centralization, standardization, and automation
Execution of audit plan
Develop work programs and perform the execution of IT audits and oversee preparation of work papers to adequately document systems, processes and controls using narratives and process design flows, audit work performed to test design and operating effectiveness, and support conclusions reached.
Perform advanced audits in the areas of emerging technology risks - cybersecurity, cloud platforms, IT governance, Agile Software Development Cycle methodologies, Enterprise Cybersecurity
Continuously monitor progress / quality of assigned projects and audit findings
Ensure use of IT Audit tools where applicable
Qualifications:
Bachelor's degree in Management Information Systems, Computer Science, Mathematics, Business, Finance or Accounting
8+ years of professional experience in IT Governance, IT Risk, IT Audit, IT Operations or related fields, preferably with a Fortune 1000 company or Big 4 consulting experience within advisory or assurance.
CISM, CISA, CISSP, CRISC designation or other relevant certification is required.
Solid experience in the Identity Access Management space, ERP Systems (Oracle)
Experience supporting audits and assessments across cloud technology (AWS, Azure), Software-as-a-Service (Workday, COUPA, etc.)
IT SOX/SOC/ISO strategy and experience
Understanding of regulatory and external requirements as they relate to IT, privacy, and cybersecurity for regulations such as HIPAA, GDPR, and SOX.
Experience using industry standards/frameworks, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
Knowledge of IT Operational Functions including IAM, Asset Management, Cybersecurity, Data Privacy.
Track record of working alongside business leaders, positioning internal audit as a strategic partner, identifying and helping mitigate risk.
Superior business acumen: ability to build positive relationships and trust with company leadership and business process owners.
Modern Audit/Data-Driven Approach - Track record of leveraging technology and using data to drive insights and actions.
Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner.
Understanding of the quality regulations and auditing techniques required for the SaaS industry.
Salary Range: $130,000 - $135,000
CDK Global is committed to fair and equitable compensation practices. Compensation packages are based on several factors, including but not limited to skills, experience, certifications, and work location. The total compensation package for this position may also include annual performance bonus, benefits and/or other applicable incentive compensation plans.
We offer medical, dental, and vision benefits in addition to:
Paid Time Off (PTO)
401K Matching Program
Tuition Reimbursement
At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.
CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.
Applicants for employment in the US must be authorized to work in the US. CDK may offer employer visa sponsorship to applicants.