Job Overview:
Responsible for planning, performing, and reporting various complex Information Technology (IT) audit projects following professional best practices and enterprise standards. Validate and test organizational IT general controls including but not limited to change management, access management, and technology operations in correlation to Sarbanes-Oxley (SOX) compliance. Assess internal departments’ compliance with enterprise policies, procedures, and standards. Assist in the assessment of enterprise inherent and residual risk correlating to cybersecurity, network security, and IT control design/operation. When applicable, recommend corrective action, prepare observations, and perform observation remediation analysis.
Job Responsibilities and Accountabilities:
- Performs and supervises multiple concurrent internal IT audits with minimal supervision by the internal audit department manager, including developing work programs applicable to designated IT scope areas per appropriate professional and department standards.
- Validates and tests organizational IT general controls including but not limited to change management, access management, and technology operations in correlation to Sarbanes-Oxley (SOX) compliance.
- Participates in department meetings and assists with internal audit department initiatives as assigned.
- Assists in the development and completion of the annual SOX testing program.
- Assists in ongoing departmental and enterprise risk assessments and understanding of business objectives through contact with IT management.
- Identifies various risks (e.g., security, operational, compliance) and recommends corrective actions to IT Management groups.
- Completes department administrative reporting as assigned.
- Provides guidance and assistance to less experienced audit staff, in a team environment or as assigned by the IT audit manager.
- Remains current with professional skills and knowledge of emerging IT trends (e.g., cybersecurity).
- Represents IT internal audit group as directed during the IT audit manager’s absence.
- Performs other relevant job duties as required.
Job Requirements:
- Bachelor's degree in Computer Information Systems, Computer Science, Cybersecurity, or a related field is preferred.
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) certification preferred.
- Seven to ten years of experience in related field is required.
- Five to seven years of experience in IT auditing, IT security, or other related fields.
- General knowledge of NIST, ISO, and other common security frameworks.
- Must possess knowledge of at least one of the following areas: server/systems (Microsoft, UNIX/Linux, mainframe, AS400), application development (C++, Java, .NET), networking and telecommunications (OSI model, appliances), databases (Oracle, Teradata, IDMS, DB2, SQL Server, Big Data), web services (Internet/Intranet), or security operations (application security, vulnerability management, risk and compliance, incident management).
- A detailed understanding of IT processes and controls is required. General knowledge of Company operations and the retail industry is helpful.
- Some travel may be required.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability, or protected veteran status. UNFI is an Equal Opportunity Employer committed to creating an inclusive and respectful environment for all. M/F/Veteran/Disability. VEVRAA Federal Contractor.