Internal Auditor

Summary

Join lastminute.com's Internal Audit team as a remote Internal Auditor based in Madrid, Spain. This permanent, full-time (36 hours/week) role involves assisting the Head of Internal Audit in planning and executing the annual audit plan, leading audit engagements, and preparing reports. You will develop a deep understanding of business processes, identify key risks and controls, and communicate findings and recommendations. The position requires 2-4 years of experience in IT/Cybersecurity audit or Internal Controls audit, a Bachelor's or Master's degree in a related field, and excellent English communication skills. Minimal travel is required. The role offers a shorter working week, flexible hours, and various professional development opportunities.

Requirements

• Experience : 2-4 years of experience in either IT/Cybersecurity audit or Internal Controls audit
• Bachelor's or Master's degree in Finance, Business Administration, Information Systems Engineering or a related field
• English (mandatory): Excellent written and spoken language skills

Responsibilities

• Assist the Head of Internal Audit in planning and executing the approved risk-based annual audit plan
• Assist the Head of Internal Audit in preparing ad-hoc presentations and drafting meeting minutes related to the Audit Committee
• Lead and independently execute end-to-end internal audit engagements, ensuring timely and high-quality delivery
• Coordinate and oversee external consultants, if engaged, in the execution of internal audit engagements, to ensure alignment with internal audit methodologies and objectives
• Develop a deep understanding of business processes within the audit scope, identifying key risks and controls
• Conduct kick-off meetings with auditees to clearly communicate the audit scope, objectives, and key steps of the audit process
• Obtain, analyse and evaluate audit evidence, ensuring that audit findings are supported by well-documented conclusions
• Identify and communicate audit findings identified, proposing practical and value-added recommendations to address control weaknesses and/or process improvements
• Prepare formal audit reports to effectively communicate findings and recommendations emerged during the audit activities conducted
• Lead closing meetings with auditees at the end of fieldwork activities, providing clear, constructive feedback on audit findings and recommendations
• Monitor and assess the implementation status of audit recommendations, ensuring that agreed-upon corrective actions are effectively executed within the defined timeline
• Support the continuous improvement of the Internal Audit function, contributing to risk assessments and control evaluations that enhance governance, risk management, and internal controls
• Develop and maintain effective and professional working relationships with all levels of management within the organization
• Assist in ad-hoc projects and special investigations, as required by senior management or regulatory bodies

Preferred Qualifications

• IT & Cybersecurity Focus : Experience in IT audits, cybersecurity risks, IT general controls (ITGCs) and data protection. Familiarity with frameworks such as NIST, COBIT and CIS Controls is a plus
• Internal Controls Focus : Strong knowledge of internal control frameworks (e.g., COSO, SOX compliance, risk-based auditing, process and financial controls)
• Other languages: appreciated but not required

Benefits

• An inclusive, friendly, and international environment (you’ll be working with colleagues from +10 countries and over 48 nationalities)
• Shorter working week (36h as full time), with a half working day on Fridays
• Flexible start and end of the working day
• Possibility to work from anywhere for a period of time per year defined according to local regulations
• Fri-Yays: half a day on Friday morning with a no-meeting mandate and dedicated to deep work, personal growth, learning and training and/or focus time
• Professional and managerial skills development training paths, access to e-learning platforms such as O’reilly, Udemy, Coursera (depending on the department), and to our internal platform offering bespoke training content
• 2 paid days off per year for volunteering purposes
• Occasional social events to foster connections among colleagues
• Travel industry discounts and flash exclusive staff fares
• We support our employees through life's significant moments with leave options (e.g parental responsibilities, marriages, bereavements, relocations, etc.) in line with local laws