Internal Audit Director - IT Manager

About The Position

Requirements

• Education: Bachelor’s degree in Management Information Systems (MIS), Computer Science, or Accounting.
• Experience: 8–10+ years of progressive experience in IT Audit, IT Risk, or Cyber Consulting (Big 4 or large-scale complex corporate environments preferred).
• Certifications: CISA required. CISSP, CRISC, or CISM highly preferred.
• Framework Mastery: Deep understanding of COBIT, NIST, ISO 27001, and the COSO Internal Control Framework.
• Influencing Without Authority: Exceptional "executive presence" with the ability to translate complex "tech-speak" into actionable business risks for senior leadership and IIA Standards.

Nice To Haves

• M&A Track Record: Proven experience managing IT control transitions during business combinations or system consolidations.
• Industry Savvy: Strong background in manufacturing or organizations engaged in government contracting.
• Modern Audit Toolkit: Hands-on experience with SQL, Python, or AI-based audit tools (e.g., Alteryx, MindBridge, or custom GPT agents).
• Systems & Data: Proficiency in ERP systems (Netsuite/Oracle, Snowflake/DataBricks)

Responsibilities

• AI-Enabled Control Testing: Architect and implement AI/Machine Learning models to transition from manual sample-based testing to 100% population testing.
• Annual SOX Audit: Lead SOX IT control design and operating effectiveness including identification of gaps, operating deficiencies, remediation plan and partnership with process owners to optimize control environment
• Audit Workflow Automation: Leverage Generative AI and Robotic Process Automation (RPA) to automate the documentation of walkthroughs, drafting of audit reports, and the mapping of controls to regulatory frameworks.
• Continuous Control Monitoring (CCM): Partner with IT to build real-time dashboards that monitor key risk indicators (KRIs), moving the department toward a "continuous audit" model.
• Predictive Risk Insights: Use data signals to identify emerging risks in the Quote-to-Cash and Manufacturing cycles before they manifest as material weaknesses.
• Lead the development of automated risk-sensing capabilities and Key Risk Indicators (KRIs) within the ERM framework, leveraging data analytics to provide real-time assurance over tech-stack dependencies and third-party vendor ecosystems
• Automated Control Testing: Review the automated controls within core value streams such as Quote-to-Cash (Q2C) and Procure-to-Pay (P2P) to ensure data integrity and system reliability.
• Annual SOX Audit: Lead SOX control design and operating effectiveness including ITGC’s, identification of gaps, operating deficiencies, remediation plan and partnership with process owners to optimize control environment
• SDLC & Implementation: Perform pre- and post-implementation reviews for major system upgrades or ERP deployments to prevent "go-live" control failures.
• IT Due Diligence: Lead IT-focused risk assessments for business combinations, evaluating the target company’s security posture and control maturity.
• Post-Merger Integration (PMI): Direct the integration of acquired entities into the corporate Internal Control Framework (COSO), managing the risks associated with data migration and system cutovers.
• ITGC Ownership: Lead the testing of IT General Controls (ITGC) and IT Application Controls (ITAC) for SOX 404 compliance.
• Regulatory Standards: Ensure IT systems meet stringent government contracting standards, including NIST 800-171, CMMC, and FAR/DFARS requirements.

Benefits

• comprehensive medical, dental, and vision plans
• matching 401K
• unlimited PTO and paid holidays
• parental/adoption leave
• legal insurance
• a home internet stipend
• pet insurance