24 Hour Fitness, INC. Sr. IT Auditor in Carlsbad, California

LOCATION 1265 Laurel Tree Lane Suite 200 Carlsbad CA 92011

JOB SUMMARY

The Senior IT Internal Auditor assists with the coordination, planning and execution of Internal Audit projects and ongoing internal control initiatives within the Company and in accordance with annual IA plan approved by the Audit Committee of the Board of Directors.

This position will be actively involved in and play a leadership role in Internal Controls Over Financial Reporting (ICFR) with an emphasis on IT General Controls (ITGCs), business and operational process reviews, and re-engineering efforts designed to ensure scalable long-term solutions to support Company growth model. The Senior IT Auditor will be a technical expert for IT audit and internal control related activities with specialized experience in current audit and internal controls best practices.

The position directly supports the continued integration and alignment of the compliance function (Loss Prevention, Risk Management and Internal Audit), as well as proactively partnering with various business functions on identifying value-added business improvements to increase company profitability while mitigating risk.

ESSENTIAL DUTIES & RESPONSIBILTIES Estimated % of Time Spent

Execute Annual Internal Audit Plan as Approved by Audit Committee of Board of Directors

Internal Controls Over Financial Reporting (SOX):

  • Lead IT SOX compliance effort by reviewing existing documentation, assessing design, refining documentation, recommending improvements and developing remediation plans (design assessment).

  • Lead ongoing SOX IT compliance effort including testing of controls across all in-scope applications (and underlying layers) and business process application controls for reliance by external auditors and management's assessment.

  • Perform detailed internal audit review procedures and partner the IA department, including reviewing the work of others (IA Staff and peer review) and evaluation of documentation standard to meet external audit reliance strategy.

  • SOX project management including budget to actual analysis and performing timely status updates to comply with Company SOX objectives.

  • Developing and tracking remediation plans across various business owners and providing timely update reporting

  • Remain abreast of IT security and ICFR developments including but not limited to SEC, PCAOB, COSO, PCI DSS, and Cyber Security trends.

Internal Audit Projects:

  • Play a lead role during key process re-engineering and/or system implementation efforts to ensure SOX compliance, working closely with process owners and outside consultants / service providers (as required).

  • Plan and conduct complex IT integrated audit projects and operational review procedures, including but not limited to PCI/PII, Business Continuity/ Disaster Recovery, continuous monitoring procedures, providing recommendations to increase efficiency, improve control environment and to ensure compliance with company policies and procedures and/or applicable laws and regulations.

  • Partner with cross-functional compliance department and key business partners in providing insight and root-cause analysis based on detailed review and evaluation of large data sets.

  • Assist with refining current exception reporting framework, standardizing reporting/ benchmarking and triangulation of data across various internal and external systems and processes (increasing reporting efficiency through automation).

  • Assist with development of annual internal audit plan.

  • Prepare draft reports and recommendations. 90%

Compliance and Business Integration

  • Establish partnering relationships with various business functions (corporate and field), seeking to innovate and proposing recommendations for value-added improvements (e.g., best practices, cost avoidance and profit enhancement opportunities).

  • Provide leadership on continued efforts to integrate and align cross-functional ongoing monitoring procedures for compliance department (Loss Prevention, Risk Management and Internal Audit).

10%

Total 100%

ORGANIZATION RELATIONSHIPS

This position interfaces with Risk Management, Loss Prevention and Internal Audit departments. Position also interface regularly with Finance, Information Technology, Category Management, Operations, as well as other business functions and third party outsourced service providers. Reports to Senior Manager of Internal Audit & Compliance.

REQUIRED QUALIFICATIONS

Knowledge, Skills & Abilities

Technical Experience

  • Extensive knowledge of IT controls and best practices (ICFR and PCAOB standards )

  • Advanced knowledge of the COSO frameworks, including principles and points of focus

  • Extensive knowledge of audit methodologies and documentation standard

  • Extensive knowledge of industry trends, IT security, and controls within applications, IT systems, servers, and IT Processes

  • Advanced understanding in the following areas: IT General Controls (ITGCs), IT Security, PCI DSS, SDLC , and Project Management

  • Knowledge of IT frameworks, standards and best-practices (e.g. COBIT, ITIL, etc.)

  • Retail / PCI industry experience a plus

  • Proficient in MS Office skills (advanced skills in VBA and Access required)

Communication and Management Skills:

  • Excellent organizational skills

  • Outstanding leadership skills and ability to influence change

  • Strong initiative and assertiveness

  • Goal oriented and a team player

  • Ability to multi-task

  • Strong analytical and problem solving skills

  • Written and verbal communication skills

  • Ability to work independently in fast paced growth environment

Minimum Educational Level/Certifications

  • Bachelor's Degree in Information Systems, Computer Science, Accounting, Finance or related field

Minimum Work Experience and Qualifications

  • 5+years years of experience; preferably including 2 years as a senior associate for a Big 4 firm, a large regional accounting firm or as an internal audit senior associate

  • Master's degree in related field preferred

Physical Demands/ Environmental Conditions

  • Telephone usage to communicate with internal and external customers.

  • Sitting: frequent sedentary work.

  • Viewing computer monitor: average, ordinary visual acuity necessary to prepare document, enter data into computer system, read reports and from computer monitor

  • Keyboarding: use of fingers to make small movements such as typing.

  • Work is performed in a normal business office environment. Extended workdays are a frequent occurrence.

Travel Requirement

  • Travel between Corporate offices (MSC and TSC), as well as field locations (depending on Internal Audit project scope) -- up to 10% of time.

PREFERRED QUALIFICATIONS

Knowledge, Skills & Abilities

  • ACL or other data mining software experience/knowledge.

Educational Level/Certifications

  • Master's degree

  • CISA, CISSP, CIA or CPA

  • Licenses or certifications related to internal audit and compliance

Work Experience and Qualification

  • Big Four Public Accounting experience

  • SOX experience with public company

  • Business process re-engineering experience and/or System Implementation

  • Experience in retail industry or multi-unit environment

FUNCTIONAL GROUP Finance and Accounting

FULL-TIME Full-time