Senior Technology Risk Auditor
At DICK'S Sporting Goods, we believe in how positively sports can change lives.
On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams.
We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.
If you are ready to make a difference as part of the world's greatest sports team, apply to join our team today!Overview:
Summary DescriptionThe Senior Technology Risk Auditor will be a key member of the Internal Audit department and will be responsible for evaluating the effectiveness of internal processes and controls to mitigate technology, security, and business risks.
Job Duties & ResponsibilitiesTechnology and Integrated Audits
Performs general technology and integrated audits, with a focus on infrastructure, cloud environments, application audits, application controls, and/or interface controls, as applicable to each audit
Responsible for performing risk assessments and documenting processes for audit areas.
Performs risk assessments to identify relevant risks to the applicable audit and determine the extent of testing procedures to be performed
Where applicable, partners with auditees to document process and data flows for areas under audit to use as a validation tool with the auditee to confirm understanding of the process and to document risks, control points, and scoping decisions
Schedules and holds walk-through meetings with auditees.
Drafts request lists for audits and manages requests to account for turnaround time and potential follow-up requests; monitors requests for completion and reviews received requests in a timely manner to ensure they meet the audit objectives.
Executes audit fieldwork to consider inherent risks of the processes audited.
Assists team in root cause analyses and exposure checks for issues identified
Communicates with audit contacts on requests, follow-up questions, and discusses observations identified through fieldwork with the Technology Internal Audit Manager, Senior Manager, and/or Director prior to discussing with the auditee.
Uses audit engagement to develop or strengthen relationships with auditees.
Communicate audit results and recommendations for improvement to Management through formal audit reports and presentations that consider root causes, impact/exposure, and both near and long-term recommendations/solutionsSpecialized Risk Audits
Performs the activities above for specialized areas of focus including
Cybersecurity audits, with a focus on evaluating controls and levels of maturity against the NIST Cybersecurity Framework
Privacy audits, with a focus on evaluating controls and levels of maturity against the NIST Privacy Framework
o System Implementations, with a focus on both waterfall and agile development methodologies, to evaluate development, project management, integration, data conversion/validation, and testing controlsSarbanes-Oxley (SOX) and Internal Control Testing
Interact with auditees to gain an understanding of the technology processes and internal controls.
Execute defined test steps to evaluate the controls, including technology general controls, application/interface, entity-level, and enterprise risk management.
Adequately prepares exception support and examples for findings and improvement opportunities.
Perform detailed audit testing, including root cause analyses, and assess any exposure or residual risk
Communicate audit results and recommendations for improvement to Management through formal audit reports and presentationsOn-Site Store and Distribution Center Audits
Perform on-site physical inventory observations and other audit procedures at various stores
Assist the financial/operational audit team in performing Distribution Center audits
Communicate audit findings and recommendations for improvement to Management via audit reports and closing meetings
Qualifications:
Bachelor's Degree in Information Systems Management, Data Science, Cybersecurity, or Audit
3 - 5 years of experience in technology audit, cybersecurity, or risk experience required; public accounting or consulting experience preferred
CISA, CIA, CRISC, CIPP/US and/or CIPM certifications preferred
Understanding of Technology Risk Assessment, SOX, general technology controls, system implementation risks/controls, data governance, cybersecurity controls, and privacy risks
Auditing in various technology environments:
Azure, Windows, Unix, Oracle, SQL Server Database, and/or iSeries
Technical audit knowledge of infrastructure, cloud, application controls, interface controls, control frameworks (e.
g.
, PCI DSS, NIST, COSO), and development methodologies
Ability to perform root cause analysis and understand risk exposure
Proven ability to adapt to change
Excellent relationship-building skills with a strong client-service focus
Ability to travel up to 15% of the time
In-depth analytical skills
Strong presentation skills
Excellent written & Verbal Communication Skills
Problem solving & troubleshooting capabilities #LI-SL1
Bachelor's Degree in Information Systems Management, Data Science, Cybersecurity, or Audit
3 - 5 years of experience in technology audit, cybersecurity, or risk experience required; public accounting or consulting experience preferred
CISA, CIA, CRISC, CIPP/US and/or CIPM certifications preferred
Understanding of Technology Risk Assessment, SOX, general technology controls, system implementation risks/controls, data governance, cybersecurity controls, and privacy risks
Auditing in various technology environments:
Azure, Windows, Unix, Oracle, SQL Server Database, and/or iSeries
Technical audit knowledge of infrastructure, cloud, application controls, interface controls, control frameworks (e.
g.
, PCI DSS, NIST, COSO), and development methodologies
Ability to perform root cause analysis and understand risk exposure
Proven ability to adapt to change
Excellent relationship-building skills with a strong client-service focus
Ability to travel up to 15% of the time
In-depth analytical skills
Strong presentation skills
Excellent written & Verbal Communication Skills
Problem solving & troubleshooting capabilities #LI-SL1 Recommended Skills Accounting Adaptability Agile Methodology Analytical Auditing Certified In Risk And Information Systems Control Estimated Salary: $20 to $28 per hour based on qualifications.
On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams.
We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.
If you are ready to make a difference as part of the world's greatest sports team, apply to join our team today!Overview:
Summary DescriptionThe Senior Technology Risk Auditor will be a key member of the Internal Audit department and will be responsible for evaluating the effectiveness of internal processes and controls to mitigate technology, security, and business risks.
Job Duties & ResponsibilitiesTechnology and Integrated Audits
Performs general technology and integrated audits, with a focus on infrastructure, cloud environments, application audits, application controls, and/or interface controls, as applicable to each audit
Responsible for performing risk assessments and documenting processes for audit areas.
Performs risk assessments to identify relevant risks to the applicable audit and determine the extent of testing procedures to be performed
Where applicable, partners with auditees to document process and data flows for areas under audit to use as a validation tool with the auditee to confirm understanding of the process and to document risks, control points, and scoping decisions
Schedules and holds walk-through meetings with auditees.
Drafts request lists for audits and manages requests to account for turnaround time and potential follow-up requests; monitors requests for completion and reviews received requests in a timely manner to ensure they meet the audit objectives.
Executes audit fieldwork to consider inherent risks of the processes audited.
Assists team in root cause analyses and exposure checks for issues identified
Communicates with audit contacts on requests, follow-up questions, and discusses observations identified through fieldwork with the Technology Internal Audit Manager, Senior Manager, and/or Director prior to discussing with the auditee.
Uses audit engagement to develop or strengthen relationships with auditees.
Communicate audit results and recommendations for improvement to Management through formal audit reports and presentations that consider root causes, impact/exposure, and both near and long-term recommendations/solutionsSpecialized Risk Audits
Performs the activities above for specialized areas of focus including
Cybersecurity audits, with a focus on evaluating controls and levels of maturity against the NIST Cybersecurity Framework
Privacy audits, with a focus on evaluating controls and levels of maturity against the NIST Privacy Framework
o System Implementations, with a focus on both waterfall and agile development methodologies, to evaluate development, project management, integration, data conversion/validation, and testing controlsSarbanes-Oxley (SOX) and Internal Control Testing
Interact with auditees to gain an understanding of the technology processes and internal controls.
Execute defined test steps to evaluate the controls, including technology general controls, application/interface, entity-level, and enterprise risk management.
Adequately prepares exception support and examples for findings and improvement opportunities.
Perform detailed audit testing, including root cause analyses, and assess any exposure or residual risk
Communicate audit results and recommendations for improvement to Management through formal audit reports and presentationsOn-Site Store and Distribution Center Audits
Perform on-site physical inventory observations and other audit procedures at various stores
Assist the financial/operational audit team in performing Distribution Center audits
Communicate audit findings and recommendations for improvement to Management via audit reports and closing meetings
Qualifications:
Bachelor's Degree in Information Systems Management, Data Science, Cybersecurity, or Audit
3 - 5 years of experience in technology audit, cybersecurity, or risk experience required; public accounting or consulting experience preferred
CISA, CIA, CRISC, CIPP/US and/or CIPM certifications preferred
Understanding of Technology Risk Assessment, SOX, general technology controls, system implementation risks/controls, data governance, cybersecurity controls, and privacy risks
Auditing in various technology environments:
Azure, Windows, Unix, Oracle, SQL Server Database, and/or iSeries
Technical audit knowledge of infrastructure, cloud, application controls, interface controls, control frameworks (e.
g.
, PCI DSS, NIST, COSO), and development methodologies
Ability to perform root cause analysis and understand risk exposure
Proven ability to adapt to change
Excellent relationship-building skills with a strong client-service focus
Ability to travel up to 15% of the time
In-depth analytical skills
Strong presentation skills
Excellent written & Verbal Communication Skills
Problem solving & troubleshooting capabilities #LI-SL1
Bachelor's Degree in Information Systems Management, Data Science, Cybersecurity, or Audit
3 - 5 years of experience in technology audit, cybersecurity, or risk experience required; public accounting or consulting experience preferred
CISA, CIA, CRISC, CIPP/US and/or CIPM certifications preferred
Understanding of Technology Risk Assessment, SOX, general technology controls, system implementation risks/controls, data governance, cybersecurity controls, and privacy risks
Auditing in various technology environments:
Azure, Windows, Unix, Oracle, SQL Server Database, and/or iSeries
Technical audit knowledge of infrastructure, cloud, application controls, interface controls, control frameworks (e.
g.
, PCI DSS, NIST, COSO), and development methodologies
Ability to perform root cause analysis and understand risk exposure
Proven ability to adapt to change
Excellent relationship-building skills with a strong client-service focus
Ability to travel up to 15% of the time
In-depth analytical skills
Strong presentation skills
Excellent written & Verbal Communication Skills
Problem solving & troubleshooting capabilities #LI-SL1 Recommended Skills Accounting Adaptability Agile Methodology Analytical Auditing Certified In Risk And Information Systems Control Estimated Salary: $20 to $28 per hour based on qualifications.
|
|
 | |
