Lead, Internal Audit

About The Position

Requirements

• Bachelor’s degree or higher in Information Systems, Accounting or a related field
• Minimum 3–5 years of internal or external audit experience, including exposure to IT controls or integrated audits
• Strong understanding of business processes, internal controls, risk assessment, and IT control concepts
• Knowledge of IT general controls, application controls, and common audit frameworks
• Project management skills with the ability to manage multiple priorities and meet deadlines
• Proficiency in Microsoft Office (Word, Excel, PowerPoint); familiarity with audit management tools and basic data analytics (e.g., PowerBi, SQL)
• Working knowledge of audit management and process flow software (e.g., JIRA)
• Clear, concise written and verbal communication skills, including explaining complex topics to non‑technical audiences
• Sound professional judgment, attention to detail, and commitment to audit quality
• Collaborative mindset with the ability to build effective relationships across business and IT teams
• Willingness to travel on a limited basis (approximately 15%)
• Professional ethics – Adheres to Aaron’s key policies, practices and procedures; applies ethical principles and values to the activities being audited
• Internal audit management – Strives for quality and excellence and encourages others to do the same
• International Professional Practices Framework – Maintains current knowledge of the International Professional Practices Framework (IPPF), the authoritative guidance issued by The Institute of Internal Auditors; develops deep understanding of Aaron’s audit methodology, policies and procedures, which are based on the IPPF
• Governance, risk and control – Solid foundation in technical aspects of auditing (knowledge of general accounting, business processes, internal controls, risk assessment and/or other related general/application controls)
• Communication – Understanding of effective communication concepts, tools and techniques; ability to effectively transmit, receive and accurately interpret ideas, information and needs through the application of appropriate communication behaviors
• Relationships and collaboration – Nurtures and builds effective partnerships with audit engagement clients to achieve results; team player, comfortable working on multiple teams/projects simultaneously and independently, as needed
• Critical thinking – Understanding of the issues related to the decision-making process; ability to analyze situations fully and accurately, and reach productive decisions
• Internal audit delivery – Demonstrates efficiency and persistence, managing own time and ensuring engagement deadlines and objectives are met; follows up with management to ensure that management actions have been effectively implemented or that senior management has accepted the risk of not taking action; understanding of the necessity and value of accuracy and attention to detail; ability to process information with high levels of accuracy
• Improvement and innovation – Champions change, continuous improvement and innovation and supports others in the pursuit of these

Nice To Haves

• 2-3 years of experience with a Big 4 or similar firm is preferred
• Experience with Information Security, Privacy, IT Audit, Compliance & IT Management Standards: ISO27001/27002, PCI-DSS, SSAE-16 SOC1 & SOC2, SOX, NIST 800-53, COBIT, GAPP, & COSO
• Experience supporting SOX, IT, compliance, or regulatory audits preferred
• One or more of the following professional designations is preferred: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Certified Public Accountant (CPA)

Responsibilities

• Independently lead and execute integrated audits that evaluate business processes, supporting systems, and related internal controls across financial, operational, compliance, and IT risk areas. This also includes planning, scoping and reporting.
• Assess end‑to‑end risk and control effectiveness by analyzing how business processes, data, and technology interact to support reliable reporting and operations
• Plan and perform risk assessments with audit executive management, identifying emerging risks, key processes, technology risks, dependencies, and control expectations
• Design and execute integrated audits across IT, finance, and operations
• Evaluate control design and operating effectiveness, including controls supporting SOX and other regulatory requirements
• Supervise staff, delegates tasks, and provides coaching and feedback
• Partner with business and IT stakeholders to understand complex workflows, identify root causes, and provide practical, value‑focused recommendations
• Prepare high‑quality audit documentation and workpapers that clearly support conclusions and comply with audit standards
• Prepare or detail review work papers in accordance with departmental standardsDraft audit observations and formal written reports, supporting clear messaging and actionable remediation plans for management
• Meet face-to-face with Directors/VPs, communicate engagement progress, negotiate action plans, and manage stakeholder expectations
• Track remediation of audit findings and validate that corrective actions effectively address identified risks
• Perform advanced analytics (e.g., SQL/PowerBI) and have the ability to build data-driven models
• Support special projects, advisory activities, and continuous improvement initiatives within Internal Audit
• Assist in preparing quarterly Audit Committee communications, including timely follow-up with management on open audit recommendations
• Participate in store audits and assist the store audit team with desktop audits and other operational audit procedures
• Exhibit a high degree of judgment, determines significance of audit processes/issues, and manages escalations independently