24 Hour Fitness, INC. Sr. IT Auditor in Carlsbad, California
LOCATION 1265 Laurel Tree Lane Suite 200 Carlsbad CA 92011
The Senior IT Internal Auditor assists with the coordination, planning and execution of Internal Audit projects and ongoing internal control initiatives within the Company and in accordance with the annual IA plan approved by the Audit Committee of the Board of Directors.
This position will be actively involved in and play a leadership role in Internal Controls Over Financial Reporting (ICFR) with an emphasis on IT General Controls (ITGCs), business and operational process reviews, and re-engineering efforts designed to ensure scalable long-term solutions to support the Company growth model. The Senior IT Auditor will be a technical expert for IT audit and internal control related activities with specialized experience in current audit and internal controls best practices.
The position directly supports the continued integration and alignment of the compliance function (Loss Prevention, Risk Management and Internal Audit), as well as proactively partnering with various business functions on identifying value-added business improvements to increase company profitability while mitigating risk.
ESSENTIAL DUTIES & RESPONSIBILITIES Estimated % of Time Spent
Execute Annual Internal Audit Plan as Approved by Audit Committee of Board of Directors
Internal Controls Over Financial Reporting (SOX):
Lead IT SOX compliance effort by reviewing existing documentation, assessing design, refining documentation, recommending improvements and developing remediation plans (design assessment).
Lead ongoing SOX IT compliance effort including testing of controls across all in-scope applications (and underlying layers) and business process application controls for reliance by external auditors and management's assessment.
Perform detailed internal audit review procedures and partner with the IA department, including reviewing the work of others (IA Staff and peer review) and evaluation of documentation standards to meet external audit reliance strategy.
SOX project management including budget to actual analysis and performing timely status updates to comply with Company SOX objectives.
Developing and tracking remediation plans across various business owners and providing timely update reporting.
Remain abreast of IT security and ICFR developments including but not limited to SEC, PCAOB, COSO, PCI DSS, and Cyber Security trends.
Internal Audit Projects:
Play a lead role during key process re-engineering and/or system implementation efforts to ensure SOX compliance, working closely with process owners and outside consultants / service providers (as required).
Plan and conduct complex IT integrated audit projects and operational review procedures, including but not limited to PCI/PII, Business Continuity/ Disaster Recovery, continuous monitoring procedures, providing recommendations to increase efficiency, improve control environment and to ensure compliance with company policies and procedures and/or applicable laws and regulations.
Partner with cross-functional compliance department and key business partners in providing insight and root-cause analysis based on detailed review and evaluation of large data sets.
Assist with refining current exception reporting framework, standardizing reporting/ benchmarking and triangulation of data across various internal and external systems and processes (increasing reporting efficiency through automation).
Assist with development of annual internal audit plan.
Prepare draft reports and recommendations. 90%
Compliance and Business Integration
Establish partnering relationships with various business functions (corporate and field), seeking to innovate and proposing recommendations for value-added improvements (e.g., best practices, cost avoidance and profit enhancement opportunities).
Provide leadership on continued efforts to integrate and align cross-functional ongoing monitoring procedures for compliance department (Loss Prevention, Risk Management and Internal Audit).
This position interfaces with Risk Management, Loss Prevention and Internal Audit departments. Position also interfaces regularly with Finance, Information Technology, Category Management, Operations, as well as other business functions and third-party outsourced service providers. Reports to Senior Manager of Internal Audit & Compliance.
Knowledge, Skills & Abilities
Extensive knowledge of IT controls and best practices (ICFR and PCAOB standards)
Advanced knowledge of the COSO frameworks, including principles and points of focus
Extensive knowledge of audit methodologies and documentation standards
Extensive knowledge of industry trends, IT security, and controls within applications, IT systems, servers, and IT Processes
Advanced understanding in the following areas: IT General Controls (ITGCs), IT Security, PCI DSS, SDLC, and Project Management
Knowledge of IT frameworks, standards and best-practices (e.g. COBIT, ITIL, etc.)
Retail / PCI industry experience a plus
Proficient in MS Office skills (advanced skills in VBA and Access required)
Communication and Management Skills:
Excellent organizational skills
Outstanding leadership skills and ability to influence change
Strong initiative and assertiveness
Goal oriented and a team player
Ability to multi-task
Strong analytical and problem-solving skills
Written and verbal communication skills
Ability to work independently in fast-paced growth environment
Minimum Educational Level/Certifications
- Bachelor's Degree in Information Systems, Computer Science, Accounting, Finance or related field
Minimum Work Experience and Qualifications
5+ years of experience; preferably including 2 years as a senior associate for a Big 4 firm, a large regional accounting firm or as an internal audit senior associate
Master's degree in related field preferred
Physical Demands/ Environmental Conditions
Telephone usage to communicate with internal and external customers.
Sitting: frequent sedentary work.
Viewing computer monitor: average, ordinary visual acuity necessary to prepare documents, enter data into computer system, and read reports from computer monitor.
Keyboarding: use of fingers to make small movements such as typing.
Work is performed in a normal business office environment. Extended workdays are a frequent occurrence.
- Travel between Corporate offices (MSC and TSC), as well as field locations (depending on Internal Audit project scope) -- up to 10% of time.
Knowledge, Skills & Abilities
- ACL or other data mining software experience/knowledge.
CISA, CISSP, CIA or CPA
Licenses or certifications related to internal audit and compliance
Work Experience and Qualification
Big Four Public Accounting experience
SOX experience with public company
Business process re-engineering experience and/or System Implementation
Experience in retail industry or multi-unit environment
FUNCTIONAL GROUP Finance and Accounting