Senior Internal Auditor-Information Technology

Summary

Join iHerb as a Senior IT Auditor and play a key role in ensuring compliance and mitigating risks. You will plan, supervise, and execute audits, implement and test SOX ITGC compliance, and conduct risk assessments. This role involves collaborating with various teams, evaluating controls, and recommending improvements to processes. You will need strong experience in IT auditing, internal controls, and SOX compliance. The position offers a competitive salary and benefits package, including company-paid medical premiums, bonuses, and long-term equity.

Requirements

• Practical experience with internal control standards (Sarbanes Oxley, COSO, COBIT), control testing strategies
• Understanding of Internal audit processes and practices i.e.: technology and tools for planning, testing, and reporting
• Practical experience with evaluating IT general controls concepts in the areas of system development, change management, computer operations and access to programs
• Hands on experience with IT security fundamentals across multiple domains including security management, security architecture, access control, application development, operations security, physical security, and networking, business continuity planning
• Proven experience in driving the execution of IT end-to-end SOX program
• Proven experience in planning, leading, and performing IT internal audits
• Subject matter expert on internal controls, SOX compliance, and/or enterprise risk management
• Strong understanding of business processes and system applications
• Strong planning, project management and analytical skills
• Excellent leadership, written and verbal communication, and collaboration skills
• Self-starter ability to proactively problem-solve, identify, advocate for and execute improvements
• Ability to maintain a positive attitude and embrace change, thrive in a fast-paced environment
• High ethical and personal standards. Possess a strong work ethic with a commitment to continuous improvement in a dynamic and changing environment that strives to exceed expectations
• Experience performing IT General Controls and/or IT Application Controls reviews, hands on experience evaluating risks based on COSO and COBIT principals and executing internal audit programs
• Experience with IT audit in public accounting and/or internal audit involving public companies to include exposure to sophisticated information system audit techniques for SOX 404 compliance including network security, technology infrastructure, software development, disaster recovery, etc
• PCI Compliance/Audit experience AND at least two years of cumulative IT Audit/Technical experience in enterprise ERP systems such as SAP
• Experience with Cloud compliance
• Experience with auditing SAP and designing auditing procedures for home grown IT systems
• Experience with Microsoft Office Suite (Word, Excel, PowerPoint)
• Generally requires a minimum three (3) plus years of public accounting and/or industry experience

Responsibilities

• Assist iHerb in achieving and maintaining compliance with statutory and regulatory obligations
• Plan & lead complex IT audits (based on COBiT methodology) for IT general and application controls in the areas of system development, information security, change management, data networks, computer operations, business continuity and disaster recovery
• Evaluate the design and effectiveness of the control environment; track, monitor and maintain control issues; develop/assist with remediation plans & prepare compliance summaries
• Liaise with Compliance and IT management throughout the annual compliance life cycle
• Evaluate and test security and controls for various on-premise and cloud-based technologies
• Evaluate Service Organization Control (SOC) reports
• Developing and executing a detailed audit work plan for the IT audit component
• Drafting and assisting in reporting audit results to company leadership
• Assessing and communicating audit results, translating findings into level of risk and drive remediation of key issues in a timely manner
• Developing an effective and sustainable IT system controls framework
• Recommend improvements to processes, controls, and test programs to enhance the control environment and improve efficiency/effectiveness
• Develop strong, collaborative working relationships across all levels of the Company; maintain on-going and constant communications with key stakeholders
• Advocate and maintain the highest standard of ethics, discipline, and professionalism
• Coordinate, the work performed by external co-sourced resources

Preferred Qualifications

• Big 4 experience working with public company clients a plus
• Experience with Google Business Suite (Gmail, Drive, Docs, Sheets, Forms) preferred
• Bachelor’s Degree in Information Systems or related field preferred
• Either a CPA, CISA, CIA or CISM qualification with a Big 4 public accounting firm is strongly preferred

Benefits

• Company paid medical premium
• Bonus
• Long term equity in the form of rsu
• Medical, dental, vision, and basic life insurance programs
• 401(k) plan
• Time Off
• Paid Sick Leave
• Paid holidays
• Restrict Stock Units
• Annual bonuses