IT Audit Risk and Compliance Manager
CDK

Position Summary:

CDK is amid a significant transformation, and we are looking to hire someone who can be part of this exciting journey. As a member of the Internal Audit organization, this position will act as the liaison for the IT and Product & Technology security and compliance organizations. IT Audit provides independent and objective control assurance and advisory services with a goal of adding value to CDK's IT organization. The IT Audit team assists IT in accomplishing their objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of IT governance, risk management, and internal control. The ideal candidate will have a strong working knowledge of IT and IT auditing with at least 4 years of progressive experience in a "Big Four" or other consulting/professional services environment and at least 8 years of overall experience. The IT Audit Risk and Compliance Manager will:

• Manage IT SOX compliance testing and coordination with control owners, and external auditors
• Provide oversight and coordination over SOC 1 & 2 risk assessment and control activities with control owners, Product and IT management, external auditors and customers
• End to end development, execution and conclusion of information technology, information security, technology product and related audits
• Prepare formal written reports expressing conclusions, review results with management and perform ongoing reporting of remediation efforts
• Recommend improvements to systems, procedures and processes to minimize risks, improve efficiency, or generate cost savings
• Perform validation of exceptions including quantifying risks, investigating root causes, and working with owners to establish action plans
• Maintain an adaptive, yet agile approach based on the in-scope entity's technical architecture and use of specific technology platforms or configurations.
• Ability to apply data analytics across IT environment for advanced audit planning and continuous audit concepts

Responsibilities:

Annual audit plan and Stakeholder Engagement

• Assist in executing and managing risk-based audit plan based on audit methodology
• Develop business partnerships with IT, Product, Privacy, Security and other key management and stakeholders to facilitate discussions for risk assessments and audit planning
• Participate and lead in cross functional IT, Security, Privacy, Product discussions and stakeholder management
• Maintain relationships with external auditors regarding IT SOX and SOC engagements
• Evaluate significant corporate initiatives, implementations, etc. to ensure appropriate risks and controls have been considered
• Provide inputs to the CAE on the plan each quarter to ensure adequacy of coverage and incorporate emerging risk areas as part of quarterly rolling audit plan

Management of IT Compliance Testing (SOX and SOC)

• Collaborate with other IT and Product risk assurance functions as it relates to proactive identification and management of risks and opportunities
• Build trust and maintain positive relationships with internal partners, cross-functional teams, and external auditors.
• Identifies and shares improvement opportunities to control owners on testing and documentation in performance of the controls
• Escalates, researches, and assesses deficiencies identified and works with management to identify an appropriate solution. Evaluate remediation activities and perform retesting to verify appropriate resolution
• Identifies opportunities for enhancements in overall SOX and SOC program efficiency and effectiveness for centralization, standardization, and automation

Execution of audit plan

• Develop work programs and perform the execution of IT audits and oversee preparation of work papers to adequately document systems, processes and controls using narratives and process design flows, audit work performed to test design and operating effectiveness, and support conclusions reached.
• Evaluate significant corporate initiatives, implementations, etc. to ensure appropriate risks and controls have been considered
• Perform advanced audits in the areas of emerging technology risks - cybersecurity, cloud platforms, IT governance, Agile Software Development Cycle methodologies, Enterprise Cybersecurity
• Continuously monitor progress / quality of assigned projects and audit findings
• Ensure use of IT Audit tools where applicable

Qualifications:

• Bachelor's degree in management information systems, Computer Science, Mathematics, Business, Finance or Accounting
• 8+ years of professional experience in IT Governance, IT Risk, IT Audit, IT Operations or related fields, preferably with a Fortune 1000 companies or Big 4 consulting experience within advisory or assurance.
• CISM, CISA, CISSP, CRISC designation or other relevant certification is required.
• Solid experience in the Identity Access Management space, ERP Systems (Oracle)
• Experience supporting audits and assessments across cloud technology (AWS, Azure), Software-as-a-Service (Workday, COUPA, etc.)
• IT SOX/SOC/ISO strategy and experience
• Understanding of regulatory and external requirements as they relate to IT, privacy, and cybersecurity for regulations such as HIPAA, GDPR, and SOX.
• Experience using industry standards/frameworks, such as NIST 800-53, NIST 800-171, NIST Privacy Framework, CSA CCM, ISO 27001, ITIL v3, COBIT and FAIR is desirable.
• Knowledge of IT Operational Functions including IAM, Asset Management, Cybersecurity, Data Privacy.
• Track record of working alongside business leaders, positioning internal audit as a strategic partner, identifying and helping mitigate risk.
• Superior business acumen: ability to build positive relationships and trust with company leadership and business process owners.
• Modern Audit/ Data-Driven Approach - Track record of leveraging technology and using data to drive insights and actions.
• Strong quantitative and qualitative analysis skills; ability to take large volumes of complex information and present it in a clear and concise manner.

• Understanding of the quality regulations and auditing techniques required for the SAAS industry.

Salary Range: $130,000 - $135,000

CDK Global is committed to fair and equitable compensation practices. Compensation packages are based on several factors, including but not limited to skills, experience, certifications, and work location. The total compensation package for this position may also include annual performance bonus, benefits and/or other applicable incentive compensation plans.We offer Medical, dental, and vision benefits in addition to:

• Paid Time Off (PTO)
  
• 401K Matching Program
  
• Tuition Reimbursement
  

At CDK, we believe inclusion and diversity are essential in inspiring meaningful connections to our people, customers and communities. We are open, curious and encourage different views, so that everyone can be their best selves and make an impact.

CDK is an Equal Opportunity Employer committed to creating an inclusive workforce where everyone is valued. Qualified applicants will receive consideration for employment without regard to race, color, creed, ancestry, national origin, gender, sexual orientation, gender identity, gender expression, marital status, creed or religion, age, disability (including pregnancy), results of genetic testing, service in the military, veteran status or any other category protected by law.

Applicants for employment in the US must be authorized to work in the US. CDK may offer employer visa sponsorship to applicants.

---