IT Senior Internal Auditor (Remote)
  • Ukraine
  • Solera, Inc.
31.01.2024
Securely Provision
Risk Management
Job Description

The Role

The Global Audit and Risk Services department is currently looking for an IT Senior Internal Auditor to document, review and evaluate internal controls over financial reporting (Sarbanes-Oxley, “SOX”) and conduct internal control reviews focused on providing recommendations for improving business processes / operations, internal control structure and financial systems of the company’s corporate and global regions (Americas, EMEA, APAC, etc.). This role is located in our Madrid office.

In addition, the IT Senior Internal Auditor will be expected to support assurance that the Global Information Security Management System adheres to the ISO 2700X / 22301 standards, to Solera’s IT controls requirements, and to other standards.

The role will report to the IT Internal Audit Director.

We consider this position as our opportunity to select and qualify talent to join our Corporate Global Risk and Audit Services team and support our future organizational growth. Ideal candidates are output-focused, goal-oriented, proactive, diligent, organized, flexible and eager to take on new challenges. To be successful in this role, this individual must have experience working for a large accounting firm and/or public company with background in Sarbanes-Oxley IT general controls, ISO 2700X / 22301, internal controls related to various systems, including ERPs and business process reviews.

What You'll Do

Perform, evaluate, assess, provide opinions on and follow General IT Controls (GITC) audit plans aligned with business objectives.
Perform special projects including, but not limited to, special investigations, incident reviews, organizational structure reviews, business process reengineering and contract reviews.
Conduct and document audits according to the audit program and audit schedule. Establish the internal audit plan based on business needs and associated risks.
While on audits, assess controls, identify control weaknesses and communicate areas for process improvements. Perform follow-up of implementation of agreed and communicated remediation actions and timely escalations.
Prepare detailed assessment reports following each audit using the formal internal audit procedure and process.
Report all findings to the Solera management team and ensure that corrective action plans are implemented accordingly by performing review of effectiveness of corrective actions.
Prepare regular internal audit reports for local and global management.
Provide an understanding of information security (ISO 2700X) and business continuity (ISO 22301) standards for logical and physical security implementations.
Assist in any type of IT compliance implementation project (ISO, SOC, GDPR, etc.) and fully participate in the internal audit process before official reviews.
The successful candidate will also be required to provide support to the Solera information security and business functions as required by the Global Audit and Risk Services Management.
Work directly with all levels of employees, including Senior Management throughout the Company.
Perform other related duties as assigned.

What You'll Bring

Bachelor’s degree, or equivalent, with emphasis in Information Technology, Business or a related field.
English bilingual skills are required. Ability to quickly comprehend and document content during meetings without losing focus on understanding the objective.
The required skills, knowledge and abilities are typically acquired through at least 6 years of public accounting, IT internal auditing, and/or SOX/internal controls experience.
Experience with different information security and data privacy standards and frameworks such as ISO2700X / 22301, SOC, GDPR etc.
Certified Information Systems Auditor (CISA) nice to have.
Practical experience in risks and compliance assessments (GITC / ALC) over digital solutions, technology, and systems.
Team player with a focus on the big picture and overall success of the customers, the team, and Solera.
Build strong relationships with relevant business partners to understand their business and identify appropriate risk mitigations and opportunities to add value.
Must be self-driven and able to work independently in a multinational environment.
Passion and commitment to quality.
Ability to work in a fast-paced, team-oriented environment where change is constant and needs to be managed.
Must be performance-driven, detail-oriented, and results-oriented.
Excellent communication and presentation skills with all management levels.
Willing to work flexible hours and travel, if needed.


Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0048   Knowledge of Risk Management Framework (RMF) requirements.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0126   Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0169   Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0261   Knowledge of Payment Card Industry (PCI) data security standards.
  • K0267   Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • K0624   Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
  • K0154   Knowledge of supply chain risk management standards, processes, and practices.
  • K0202   Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0043   Knowledge of industry-standard and organizationally accepted analysis principles and methods.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0211   Knowledge of confidentiality, integrity, and availability requirements.
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0264   Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0297   Knowledge of countermeasure design for identified security risks.

Required Skills
  • S0171   Skill in performing impact/risk assessments.
  • S0233   Skill in identifying language issues that may have an impact on organization objectives.
  • S0234   Skill in identifying leads for target development.
  • S0374   Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
  • S0022   Skill in designing countermeasures to identified security risks.
  • S0085   Skill in conducting audits or reviews of technical systems.

Required Abilities
  • A0033   Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0094   Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.
  • A0001   Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0026   Ability to analyze test data.
  • A0040   Ability to translate data and test results into evaluative conclusions.
  • A0056   Ability to ensure security practices are followed throughout the acquisition process.
  • A0092   Ability to identify/describe target vulnerability.
  • A0112   Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.